blob: 5275f2fdc212f343b7cdf36b88051db2f152a9d9 [file] [log] [blame]
Willy Tarreaubaaee002006-06-26 02:48:02 +02001/*
2 * HTTP protocol analyzer
3 *
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01004 * Copyright 2000-2010 Willy Tarreau <w@1wt.eu>
Willy Tarreaubaaee002006-06-26 02:48:02 +02005 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#include <ctype.h>
14#include <errno.h>
15#include <fcntl.h>
16#include <stdio.h>
17#include <stdlib.h>
18#include <string.h>
19#include <syslog.h>
Willy Tarreau42250582007-04-01 01:30:43 +020020#include <time.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020021
22#include <sys/socket.h>
23#include <sys/stat.h>
24#include <sys/types.h>
25
Willy Tarreau2dd0d472006-06-29 17:53:05 +020026#include <common/appsession.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010027#include <common/base64.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020028#include <common/compat.h>
29#include <common/config.h>
Willy Tarreaua4cd1f52006-12-16 19:57:26 +010030#include <common/debug.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020031#include <common/memory.h>
32#include <common/mini-clist.h>
33#include <common/standard.h>
Willy Tarreau0c303ee2008-07-07 00:09:58 +020034#include <common/ticks.h>
Willy Tarreau2dd0d472006-06-29 17:53:05 +020035#include <common/time.h>
36#include <common/uri_auth.h>
37#include <common/version.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020038
39#include <types/capture.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020040#include <types/global.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020041
Willy Tarreau8797c062007-05-07 00:55:35 +020042#include <proto/acl.h>
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +010043#include <proto/auth.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020044#include <proto/backend.h>
45#include <proto/buffers.h>
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +010046#include <proto/checks.h>
Willy Tarreau91861262007-10-17 17:06:05 +020047#include <proto/dumpstats.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020048#include <proto/fd.h>
Willy Tarreau03fa5df2010-05-24 21:02:37 +020049#include <proto/frontend.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020050#include <proto/log.h>
Willy Tarreau58f10d72006-12-04 02:26:12 +010051#include <proto/hdr_idx.h>
Willy Tarreau4a568972010-05-12 08:08:50 +020052#include <proto/pattern.h>
Willy Tarreaub6866442008-07-14 23:54:42 +020053#include <proto/proto_tcp.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020054#include <proto/proto_http.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010055#include <proto/proxy.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020056#include <proto/queue.h>
Willy Tarreau7f062c42009-03-05 18:43:00 +010057#include <proto/server.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020058#include <proto/session.h>
Willy Tarreaucff64112008-11-03 06:26:53 +010059#include <proto/stream_interface.h>
Willy Tarreau2d212792008-08-27 21:41:35 +020060#include <proto/stream_sock.h>
Willy Tarreaubaaee002006-06-26 02:48:02 +020061#include <proto/task.h>
62
Willy Tarreau522d6c02009-12-06 18:49:18 +010063const char HTTP_100[] =
64 "HTTP/1.1 100 Continue\r\n\r\n";
65
66const struct chunk http_100_chunk = {
67 .str = (char *)&HTTP_100,
68 .len = sizeof(HTTP_100)-1
69};
70
Willy Tarreau1c47f852006-07-09 08:22:27 +020071/* This is used by remote monitoring */
Willy Tarreau0f772532006-12-23 20:51:41 +010072const char HTTP_200[] =
Willy Tarreau1c47f852006-07-09 08:22:27 +020073 "HTTP/1.0 200 OK\r\n"
74 "Cache-Control: no-cache\r\n"
75 "Connection: close\r\n"
76 "Content-Type: text/html\r\n"
77 "\r\n"
78 "<html><body><h1>200 OK</h1>\nHAProxy: service ready.\n</body></html>\n";
79
Willy Tarreau0f772532006-12-23 20:51:41 +010080const struct chunk http_200_chunk = {
81 .str = (char *)&HTTP_200,
82 .len = sizeof(HTTP_200)-1
83};
84
Willy Tarreaua9679ac2010-01-03 17:32:57 +010085/* Warning: no "connection" header is provided with the 3xx messages below */
Willy Tarreaub463dfb2008-06-07 23:08:56 +020086const char *HTTP_301 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010087 "HTTP/1.1 301 Moved Permanently\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020088 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010089 "Content-length: 0\r\n"
Willy Tarreaub463dfb2008-06-07 23:08:56 +020090 "Location: "; /* not terminated since it will be concatenated with the URL */
91
Willy Tarreau0f772532006-12-23 20:51:41 +010092const char *HTTP_302 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +010093 "HTTP/1.1 302 Found\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010094 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +010095 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +010096 "Location: "; /* not terminated since it will be concatenated with the URL */
97
98/* same as 302 except that the browser MUST retry with the GET method */
99const char *HTTP_303 =
Willy Tarreaubc5aa192010-01-03 15:09:36 +0100100 "HTTP/1.1 303 See Other\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100101 "Cache-Control: no-cache\r\n"
Willy Tarreaubc5aa192010-01-03 15:09:36 +0100102 "Content-length: 0\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100103 "Location: "; /* not terminated since it will be concatenated with the URL */
104
Willy Tarreaubaaee002006-06-26 02:48:02 +0200105/* Warning: this one is an sprintf() fmt string, with <realm> as its only argument */
106const char *HTTP_401_fmt =
107 "HTTP/1.0 401 Unauthorized\r\n"
108 "Cache-Control: no-cache\r\n"
109 "Connection: close\r\n"
Willy Tarreau791d66d2006-07-08 16:53:38 +0200110 "Content-Type: text/html\r\n"
Willy Tarreaubaaee002006-06-26 02:48:02 +0200111 "WWW-Authenticate: Basic realm=\"%s\"\r\n"
112 "\r\n"
113 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
114
Willy Tarreau844a7e72010-01-31 21:46:18 +0100115const char *HTTP_407_fmt =
116 "HTTP/1.0 407 Unauthorized\r\n"
117 "Cache-Control: no-cache\r\n"
118 "Connection: close\r\n"
119 "Content-Type: text/html\r\n"
120 "Proxy-Authenticate: Basic realm=\"%s\"\r\n"
121 "\r\n"
122 "<html><body><h1>401 Unauthorized</h1>\nYou need a valid user and password to access this content.\n</body></html>\n";
123
Willy Tarreau0f772532006-12-23 20:51:41 +0100124
125const int http_err_codes[HTTP_ERR_SIZE] = {
126 [HTTP_ERR_400] = 400,
127 [HTTP_ERR_403] = 403,
128 [HTTP_ERR_408] = 408,
129 [HTTP_ERR_500] = 500,
130 [HTTP_ERR_502] = 502,
131 [HTTP_ERR_503] = 503,
132 [HTTP_ERR_504] = 504,
133};
134
Willy Tarreau80587432006-12-24 17:47:20 +0100135static const char *http_err_msgs[HTTP_ERR_SIZE] = {
Willy Tarreau0f772532006-12-23 20:51:41 +0100136 [HTTP_ERR_400] =
Willy Tarreau80587432006-12-24 17:47:20 +0100137 "HTTP/1.0 400 Bad request\r\n"
Willy Tarreau0f772532006-12-23 20:51:41 +0100138 "Cache-Control: no-cache\r\n"
139 "Connection: close\r\n"
140 "Content-Type: text/html\r\n"
141 "\r\n"
142 "<html><body><h1>400 Bad request</h1>\nYour browser sent an invalid request.\n</body></html>\n",
143
144 [HTTP_ERR_403] =
145 "HTTP/1.0 403 Forbidden\r\n"
146 "Cache-Control: no-cache\r\n"
147 "Connection: close\r\n"
148 "Content-Type: text/html\r\n"
149 "\r\n"
150 "<html><body><h1>403 Forbidden</h1>\nRequest forbidden by administrative rules.\n</body></html>\n",
151
152 [HTTP_ERR_408] =
153 "HTTP/1.0 408 Request Time-out\r\n"
154 "Cache-Control: no-cache\r\n"
155 "Connection: close\r\n"
156 "Content-Type: text/html\r\n"
157 "\r\n"
158 "<html><body><h1>408 Request Time-out</h1>\nYour browser didn't send a complete request in time.\n</body></html>\n",
159
160 [HTTP_ERR_500] =
161 "HTTP/1.0 500 Server Error\r\n"
162 "Cache-Control: no-cache\r\n"
163 "Connection: close\r\n"
164 "Content-Type: text/html\r\n"
165 "\r\n"
166 "<html><body><h1>500 Server Error</h1>\nAn internal server error occured.\n</body></html>\n",
167
168 [HTTP_ERR_502] =
169 "HTTP/1.0 502 Bad Gateway\r\n"
170 "Cache-Control: no-cache\r\n"
171 "Connection: close\r\n"
172 "Content-Type: text/html\r\n"
173 "\r\n"
174 "<html><body><h1>502 Bad Gateway</h1>\nThe server returned an invalid or incomplete response.\n</body></html>\n",
175
176 [HTTP_ERR_503] =
177 "HTTP/1.0 503 Service Unavailable\r\n"
178 "Cache-Control: no-cache\r\n"
179 "Connection: close\r\n"
180 "Content-Type: text/html\r\n"
181 "\r\n"
182 "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this request.\n</body></html>\n",
183
184 [HTTP_ERR_504] =
185 "HTTP/1.0 504 Gateway Time-out\r\n"
186 "Cache-Control: no-cache\r\n"
187 "Connection: close\r\n"
188 "Content-Type: text/html\r\n"
189 "\r\n"
190 "<html><body><h1>504 Gateway Time-out</h1>\nThe server didn't respond in time.\n</body></html>\n",
191
192};
193
Willy Tarreau80587432006-12-24 17:47:20 +0100194/* We must put the messages here since GCC cannot initialize consts depending
195 * on strlen().
196 */
197struct chunk http_err_chunks[HTTP_ERR_SIZE];
198
Willy Tarreau42250582007-04-01 01:30:43 +0200199#define FD_SETS_ARE_BITFIELDS
200#ifdef FD_SETS_ARE_BITFIELDS
201/*
202 * This map is used with all the FD_* macros to check whether a particular bit
203 * is set or not. Each bit represents an ACSII code. FD_SET() sets those bytes
204 * which should be encoded. When FD_ISSET() returns non-zero, it means that the
205 * byte should be encoded. Be careful to always pass bytes from 0 to 255
206 * exclusively to the macros.
207 */
208fd_set hdr_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
209fd_set url_encode_map[(sizeof(fd_set) > (256/8)) ? 1 : ((256/8) / sizeof(fd_set))];
210
211#else
212#error "Check if your OS uses bitfields for fd_sets"
213#endif
214
Willy Tarreau80587432006-12-24 17:47:20 +0100215void init_proto_http()
216{
Willy Tarreau42250582007-04-01 01:30:43 +0200217 int i;
218 char *tmp;
Willy Tarreau80587432006-12-24 17:47:20 +0100219 int msg;
Willy Tarreau42250582007-04-01 01:30:43 +0200220
Willy Tarreau80587432006-12-24 17:47:20 +0100221 for (msg = 0; msg < HTTP_ERR_SIZE; msg++) {
222 if (!http_err_msgs[msg]) {
223 Alert("Internal error: no message defined for HTTP return code %d. Aborting.\n", msg);
224 abort();
225 }
226
227 http_err_chunks[msg].str = (char *)http_err_msgs[msg];
228 http_err_chunks[msg].len = strlen(http_err_msgs[msg]);
229 }
Willy Tarreau42250582007-04-01 01:30:43 +0200230
231 /* initialize the log header encoding map : '{|}"#' should be encoded with
232 * '#' as prefix, as well as non-printable characters ( <32 or >= 127 ).
233 * URL encoding only requires '"', '#' to be encoded as well as non-
234 * printable characters above.
235 */
236 memset(hdr_encode_map, 0, sizeof(hdr_encode_map));
237 memset(url_encode_map, 0, sizeof(url_encode_map));
238 for (i = 0; i < 32; i++) {
239 FD_SET(i, hdr_encode_map);
240 FD_SET(i, url_encode_map);
241 }
242 for (i = 127; i < 256; i++) {
243 FD_SET(i, hdr_encode_map);
244 FD_SET(i, url_encode_map);
245 }
246
247 tmp = "\"#{|}";
248 while (*tmp) {
249 FD_SET(*tmp, hdr_encode_map);
250 tmp++;
251 }
252
253 tmp = "\"#";
254 while (*tmp) {
255 FD_SET(*tmp, url_encode_map);
256 tmp++;
257 }
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200258
259 /* memory allocations */
260 pool2_requri = create_pool("requri", REQURI_LEN, MEM_F_SHARED);
Willy Tarreau086b3b42007-05-13 21:45:51 +0200261 pool2_capture = create_pool("capture", CAPTURE_LEN, MEM_F_SHARED);
Willy Tarreau80587432006-12-24 17:47:20 +0100262}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200263
Willy Tarreau53b6c742006-12-17 13:37:46 +0100264/*
265 * We have 26 list of methods (1 per first letter), each of which can have
266 * up to 3 entries (2 valid, 1 null).
267 */
268struct http_method_desc {
269 http_meth_t meth;
270 int len;
271 const char text[8];
272};
273
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100274const struct http_method_desc http_methods[26][3] = {
Willy Tarreau53b6c742006-12-17 13:37:46 +0100275 ['C' - 'A'] = {
276 [0] = { .meth = HTTP_METH_CONNECT , .len=7, .text="CONNECT" },
277 },
278 ['D' - 'A'] = {
279 [0] = { .meth = HTTP_METH_DELETE , .len=6, .text="DELETE" },
280 },
281 ['G' - 'A'] = {
282 [0] = { .meth = HTTP_METH_GET , .len=3, .text="GET" },
283 },
284 ['H' - 'A'] = {
285 [0] = { .meth = HTTP_METH_HEAD , .len=4, .text="HEAD" },
286 },
287 ['P' - 'A'] = {
288 [0] = { .meth = HTTP_METH_POST , .len=4, .text="POST" },
289 [1] = { .meth = HTTP_METH_PUT , .len=3, .text="PUT" },
290 },
291 ['T' - 'A'] = {
292 [0] = { .meth = HTTP_METH_TRACE , .len=5, .text="TRACE" },
293 },
294 /* rest is empty like this :
295 * [1] = { .meth = HTTP_METH_NONE , .len=0, .text="" },
296 */
297};
298
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100299/* It is about twice as fast on recent architectures to lookup a byte in a
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +0200300 * table than to perform a boolean AND or OR between two tests. Refer to
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100301 * RFC2616 for those chars.
302 */
303
304const char http_is_spht[256] = {
305 [' '] = 1, ['\t'] = 1,
306};
307
308const char http_is_crlf[256] = {
309 ['\r'] = 1, ['\n'] = 1,
310};
311
312const char http_is_lws[256] = {
313 [' '] = 1, ['\t'] = 1,
314 ['\r'] = 1, ['\n'] = 1,
315};
316
317const char http_is_sep[256] = {
318 ['('] = 1, [')'] = 1, ['<'] = 1, ['>'] = 1,
319 ['@'] = 1, [','] = 1, [';'] = 1, [':'] = 1,
320 ['"'] = 1, ['/'] = 1, ['['] = 1, [']'] = 1,
321 ['{'] = 1, ['}'] = 1, ['?'] = 1, ['='] = 1,
322 [' '] = 1, ['\t'] = 1, ['\\'] = 1,
323};
324
325const char http_is_ctl[256] = {
326 [0 ... 31] = 1,
327 [127] = 1,
328};
329
330/*
331 * A token is any ASCII char that is neither a separator nor a CTL char.
332 * Do not overwrite values in assignment since gcc-2.95 will not handle
333 * them correctly. Instead, define every non-CTL char's status.
334 */
335const char http_is_token[256] = {
336 [' '] = 0, ['!'] = 1, ['"'] = 0, ['#'] = 1,
337 ['$'] = 1, ['%'] = 1, ['&'] = 1, ['\''] = 1,
338 ['('] = 0, [')'] = 0, ['*'] = 1, ['+'] = 1,
339 [','] = 0, ['-'] = 1, ['.'] = 1, ['/'] = 0,
340 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1,
341 ['4'] = 1, ['5'] = 1, ['6'] = 1, ['7'] = 1,
342 ['8'] = 1, ['9'] = 1, [':'] = 0, [';'] = 0,
343 ['<'] = 0, ['='] = 0, ['>'] = 0, ['?'] = 0,
344 ['@'] = 0, ['A'] = 1, ['B'] = 1, ['C'] = 1,
345 ['D'] = 1, ['E'] = 1, ['F'] = 1, ['G'] = 1,
346 ['H'] = 1, ['I'] = 1, ['J'] = 1, ['K'] = 1,
347 ['L'] = 1, ['M'] = 1, ['N'] = 1, ['O'] = 1,
348 ['P'] = 1, ['Q'] = 1, ['R'] = 1, ['S'] = 1,
349 ['T'] = 1, ['U'] = 1, ['V'] = 1, ['W'] = 1,
350 ['X'] = 1, ['Y'] = 1, ['Z'] = 1, ['['] = 0,
351 ['\\'] = 0, [']'] = 0, ['^'] = 1, ['_'] = 1,
352 ['`'] = 1, ['a'] = 1, ['b'] = 1, ['c'] = 1,
353 ['d'] = 1, ['e'] = 1, ['f'] = 1, ['g'] = 1,
354 ['h'] = 1, ['i'] = 1, ['j'] = 1, ['k'] = 1,
355 ['l'] = 1, ['m'] = 1, ['n'] = 1, ['o'] = 1,
356 ['p'] = 1, ['q'] = 1, ['r'] = 1, ['s'] = 1,
357 ['t'] = 1, ['u'] = 1, ['v'] = 1, ['w'] = 1,
358 ['x'] = 1, ['y'] = 1, ['z'] = 1, ['{'] = 0,
359 ['|'] = 1, ['}'] = 0, ['~'] = 1,
360};
361
362
Willy Tarreau4b89ad42007-03-04 18:13:58 +0100363/*
364 * An http ver_token is any ASCII which can be found in an HTTP version,
365 * which includes 'H', 'T', 'P', '/', '.' and any digit.
366 */
367const char http_is_ver_token[256] = {
368 ['.'] = 1, ['/'] = 1,
369 ['0'] = 1, ['1'] = 1, ['2'] = 1, ['3'] = 1, ['4'] = 1,
370 ['5'] = 1, ['6'] = 1, ['7'] = 1, ['8'] = 1, ['9'] = 1,
371 ['H'] = 1, ['P'] = 1, ['T'] = 1,
372};
373
374
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100375/*
Willy Tarreaue988a792010-01-04 21:13:14 +0100376 * Silent debug that outputs only in strace, using fd #-1. Trash is modified.
377 */
378#if defined(DEBUG_FSM)
379static void http_silent_debug(int line, struct session *s)
380{
381 int size = 0;
382 size += snprintf(trash + size, sizeof(trash) - size,
383 "[%04d] req: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p lr=%p sm=%d fw=%ld tf=%08x\n",
384 line,
385 s->si[0].state, s->si[0].fd, s->txn.req.msg_state, s->req->flags, s->req->analysers,
386 s->req->data, s->req->size, s->req->l, s->req->w, s->req->r, s->req->lr, s->req->send_max, s->req->to_forward, s->txn.flags);
387 write(-1, trash, size);
388 size = 0;
389 size += snprintf(trash + size, sizeof(trash) - size,
390 " %04d rep: p=%d(%d) s=%d bf=%08x an=%08x data=%p size=%d l=%d w=%p r=%p lr=%p sm=%d fw=%ld\n",
391 line,
392 s->si[1].state, s->si[1].fd, s->txn.rsp.msg_state, s->rep->flags, s->rep->analysers,
393 s->rep->data, s->rep->size, s->rep->l, s->rep->w, s->rep->r, s->rep->lr, s->rep->send_max, s->rep->to_forward);
394
395 write(-1, trash, size);
396}
397#else
398#define http_silent_debug(l,s) do { } while (0)
399#endif
400
401/*
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100402 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
403 * CRLF. Text length is measured first, so it cannot be NULL.
404 * The header is also automatically added to the index <hdr_idx>, and the end
405 * of headers is automatically adjusted. The number of bytes added is returned
406 * on success, otherwise <0 is returned indicating an error.
407 */
408int http_header_add_tail(struct buffer *b, struct http_msg *msg,
409 struct hdr_idx *hdr_idx, const char *text)
410{
411 int bytes, len;
412
413 len = strlen(text);
414 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
415 if (!bytes)
416 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100417 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100418 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
419}
420
421/*
422 * Adds a header and its CRLF at the tail of buffer <b>, just before the last
423 * CRLF. <len> bytes are copied, not counting the CRLF. If <text> is NULL, then
424 * the buffer is only opened and the space reserved, but nothing is copied.
425 * The header is also automatically added to the index <hdr_idx>, and the end
426 * of headers is automatically adjusted. The number of bytes added is returned
427 * on success, otherwise <0 is returned indicating an error.
428 */
429int http_header_add_tail2(struct buffer *b, struct http_msg *msg,
430 struct hdr_idx *hdr_idx, const char *text, int len)
431{
432 int bytes;
433
434 bytes = buffer_insert_line2(b, b->data + msg->eoh, text, len);
435 if (!bytes)
436 return -1;
Willy Tarreaufa355d42009-11-29 18:12:29 +0100437 http_msg_move_end(msg, bytes);
Willy Tarreau4af6f3a2007-03-18 22:36:26 +0100438 return hdr_idx_add(len, 1, hdr_idx, hdr_idx->tail);
439}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200440
441/*
Willy Tarreauaa9dce32007-03-18 23:50:16 +0100442 * Checks if <hdr> is exactly <name> for <len> chars, and ends with a colon.
443 * If so, returns the position of the first non-space character relative to
444 * <hdr>, or <end>-<hdr> if not found before. If no value is found, it tries
445 * to return a pointer to the place after the first space. Returns 0 if the
446 * header name does not match. Checks are case-insensitive.
447 */
448int http_header_match2(const char *hdr, const char *end,
449 const char *name, int len)
450{
451 const char *val;
452
453 if (hdr + len >= end)
454 return 0;
455 if (hdr[len] != ':')
456 return 0;
457 if (strncasecmp(hdr, name, len) != 0)
458 return 0;
459 val = hdr + len + 1;
460 while (val < end && HTTP_IS_SPHT(*val))
461 val++;
462 if ((val >= end) && (len + 2 <= end - hdr))
463 return len + 2; /* we may replace starting from second space */
464 return val - hdr;
465}
466
Willy Tarreau68085d82010-01-18 14:54:04 +0100467/* Find the end of the header value contained between <s> and <e>. See RFC2616,
468 * par 2.2 for more information. Note that it requires a valid header to return
469 * a valid result. This works for headers defined as comma-separated lists.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200470 */
Willy Tarreau68085d82010-01-18 14:54:04 +0100471char *find_hdr_value_end(char *s, const char *e)
Willy Tarreau33a7e692007-06-10 19:45:56 +0200472{
473 int quoted, qdpair;
474
475 quoted = qdpair = 0;
476 for (; s < e; s++) {
477 if (qdpair) qdpair = 0;
Willy Tarreau0f7f51f2010-08-30 11:06:34 +0200478 else if (quoted) {
479 if (*s == '\\') qdpair = 1;
480 else if (*s == '"') quoted = 0;
481 }
Willy Tarreau33a7e692007-06-10 19:45:56 +0200482 else if (*s == '"') quoted = 1;
483 else if (*s == ',') return s;
484 }
485 return s;
486}
487
488/* Find the first or next occurrence of header <name> in message buffer <sol>
489 * using headers index <idx>, and return it in the <ctx> structure. This
490 * structure holds everything necessary to use the header and find next
491 * occurrence. If its <idx> member is 0, the header is searched from the
492 * beginning. Otherwise, the next occurrence is returned. The function returns
Willy Tarreau68085d82010-01-18 14:54:04 +0100493 * 1 when it finds a value, and 0 when there is no more. It is designed to work
494 * with headers defined as comma-separated lists. As a special case, if ctx->val
495 * is NULL when searching for a new values of a header, the current header is
496 * rescanned. This allows rescanning after a header deletion.
Willy Tarreau33a7e692007-06-10 19:45:56 +0200497 */
498int http_find_header2(const char *name, int len,
Willy Tarreau68085d82010-01-18 14:54:04 +0100499 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200500 struct hdr_ctx *ctx)
501{
Willy Tarreau68085d82010-01-18 14:54:04 +0100502 char *eol, *sov;
503 int cur_idx, old_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200504
Willy Tarreau68085d82010-01-18 14:54:04 +0100505 cur_idx = ctx->idx;
506 if (cur_idx) {
Willy Tarreau33a7e692007-06-10 19:45:56 +0200507 /* We have previously returned a value, let's search
508 * another one on the same line.
509 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200510 sol = ctx->line;
Willy Tarreau68085d82010-01-18 14:54:04 +0100511 ctx->del = ctx->val + ctx->vlen;
512 sov = sol + ctx->del;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200513 eol = sol + idx->v[cur_idx].len;
514
515 if (sov >= eol)
516 /* no more values in this header */
517 goto next_hdr;
518
Willy Tarreau68085d82010-01-18 14:54:04 +0100519 /* values remaining for this header, skip the comma but save it
520 * for later use (eg: for header deletion).
521 */
Willy Tarreau33a7e692007-06-10 19:45:56 +0200522 sov++;
523 while (sov < eol && http_is_lws[(unsigned char)*sov])
524 sov++;
525
526 goto return_hdr;
527 }
528
529 /* first request for this header */
530 sol += hdr_idx_first_pos(idx);
Willy Tarreau68085d82010-01-18 14:54:04 +0100531 old_idx = 0;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200532 cur_idx = hdr_idx_first_idx(idx);
Willy Tarreau33a7e692007-06-10 19:45:56 +0200533 while (cur_idx) {
534 eol = sol + idx->v[cur_idx].len;
535
Willy Tarreau1ad7c6d2007-06-10 21:42:55 +0200536 if (len == 0) {
537 /* No argument was passed, we want any header.
538 * To achieve this, we simply build a fake request. */
539 while (sol + len < eol && sol[len] != ':')
540 len++;
541 name = sol;
542 }
543
Willy Tarreau33a7e692007-06-10 19:45:56 +0200544 if ((len < eol - sol) &&
545 (sol[len] == ':') &&
546 (strncasecmp(sol, name, len) == 0)) {
Willy Tarreau68085d82010-01-18 14:54:04 +0100547 ctx->del = len;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200548 sov = sol + len + 1;
549 while (sov < eol && http_is_lws[(unsigned char)*sov])
550 sov++;
Willy Tarreau68085d82010-01-18 14:54:04 +0100551
Willy Tarreau33a7e692007-06-10 19:45:56 +0200552 ctx->line = sol;
Willy Tarreau68085d82010-01-18 14:54:04 +0100553 ctx->prev = old_idx;
554 return_hdr:
Willy Tarreau33a7e692007-06-10 19:45:56 +0200555 ctx->idx = cur_idx;
556 ctx->val = sov - sol;
557
558 eol = find_hdr_value_end(sov, eol);
559 ctx->vlen = eol - sov;
560 return 1;
561 }
562 next_hdr:
563 sol = eol + idx->v[cur_idx].cr + 1;
Willy Tarreau68085d82010-01-18 14:54:04 +0100564 old_idx = cur_idx;
Willy Tarreau33a7e692007-06-10 19:45:56 +0200565 cur_idx = idx->v[cur_idx].next;
566 }
567 return 0;
568}
569
570int http_find_header(const char *name,
Willy Tarreau68085d82010-01-18 14:54:04 +0100571 char *sol, struct hdr_idx *idx,
Willy Tarreau33a7e692007-06-10 19:45:56 +0200572 struct hdr_ctx *ctx)
573{
574 return http_find_header2(name, strlen(name), sol, idx, ctx);
575}
576
Willy Tarreau68085d82010-01-18 14:54:04 +0100577/* Remove one value of a header. This only works on a <ctx> returned by one of
578 * the http_find_header functions. The value is removed, as well as surrounding
579 * commas if any. If the removed value was alone, the whole header is removed.
580 * The ctx is always updated accordingly, as well as buffer <buf> and HTTP
581 * message <msg>. The new index is returned. If it is zero, it means there is
582 * no more header, so any processing may stop. The ctx is always left in a form
583 * that can be handled by http_find_header2() to find next occurrence.
584 */
585int http_remove_header2(struct http_msg *msg, struct buffer *buf,
586 struct hdr_idx *idx, struct hdr_ctx *ctx)
587{
588 int cur_idx = ctx->idx;
589 char *sol = ctx->line;
590 struct hdr_idx_elem *hdr;
591 int delta, skip_comma;
592
593 if (!cur_idx)
594 return 0;
595
596 hdr = &idx->v[cur_idx];
597 if (sol[ctx->del] == ':' && ctx->val + ctx->vlen == hdr->len) {
598 /* This was the only value of the header, we must now remove it entirely. */
599 delta = buffer_replace2(buf, sol, sol + hdr->len + hdr->cr + 1, NULL, 0);
600 http_msg_move_end(msg, delta);
601 idx->used--;
602 hdr->len = 0; /* unused entry */
603 idx->v[ctx->prev].next = idx->v[ctx->idx].next;
Willy Tarreau5c4784f2011-02-12 13:07:35 +0100604 if (idx->tail == ctx->idx)
605 idx->tail = ctx->prev;
Willy Tarreau68085d82010-01-18 14:54:04 +0100606 ctx->idx = ctx->prev; /* walk back to the end of previous header */
607 ctx->line -= idx->v[ctx->idx].len + idx->v[cur_idx].cr + 1;
608 ctx->val = idx->v[ctx->idx].len; /* point to end of previous header */
609 ctx->vlen = 0;
610 return ctx->idx;
611 }
612
613 /* This was not the only value of this header. We have to remove between
614 * ctx->del+1 and ctx->val+ctx->vlen+1 included. If it is the last entry
615 * of the list, we remove the last separator.
616 */
617
618 skip_comma = (ctx->val + ctx->vlen == hdr->len) ? 0 : 1;
619 delta = buffer_replace2(buf, sol + ctx->del + skip_comma,
620 sol + ctx->val + ctx->vlen + skip_comma,
621 NULL, 0);
622 hdr->len += delta;
623 http_msg_move_end(msg, delta);
624 ctx->val = ctx->del;
625 ctx->vlen = 0;
626 return ctx->idx;
627}
628
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100629/* This function handles a server error at the stream interface level. The
630 * stream interface is assumed to be already in a closed state. An optional
631 * message is copied into the input buffer, and an HTTP status code stored.
632 * The error flags are set to the values in arguments. Any pending request
Willy Tarreau6f0aa472009-03-08 20:33:29 +0100633 * in this buffer will be lost.
Willy Tarreaubaaee002006-06-26 02:48:02 +0200634 */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100635static void http_server_error(struct session *t, struct stream_interface *si,
636 int err, int finst, int status, const struct chunk *msg)
Willy Tarreaubaaee002006-06-26 02:48:02 +0200637{
Willy Tarreaud5fd51c2010-01-22 14:17:47 +0100638 buffer_auto_read(si->ob);
639 buffer_abort(si->ob);
640 buffer_auto_close(si->ob);
641 buffer_erase(si->ob);
Willy Tarreau520d95e2009-09-19 21:04:57 +0200642 buffer_auto_close(si->ib);
Willy Tarreau90deb182010-01-07 00:20:41 +0100643 buffer_auto_read(si->ib);
Willy Tarreau0f772532006-12-23 20:51:41 +0100644 if (status > 0 && msg) {
Willy Tarreau3bac9ff2007-03-18 17:31:28 +0100645 t->txn.status = status;
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100646 buffer_write(si->ib, msg->str, msg->len);
Willy Tarreaubaaee002006-06-26 02:48:02 +0200647 }
648 if (!(t->flags & SN_ERR_MASK))
649 t->flags |= err;
650 if (!(t->flags & SN_FINST_MASK))
651 t->flags |= finst;
652}
653
Willy Tarreau80587432006-12-24 17:47:20 +0100654/* This function returns the appropriate error location for the given session
655 * and message.
656 */
657
658struct chunk *error_message(struct session *s, int msgnum)
659{
Willy Tarreaue2e27a52007-04-01 00:01:37 +0200660 if (s->be->errmsg[msgnum].str)
661 return &s->be->errmsg[msgnum];
Willy Tarreau80587432006-12-24 17:47:20 +0100662 else if (s->fe->errmsg[msgnum].str)
663 return &s->fe->errmsg[msgnum];
664 else
665 return &http_err_chunks[msgnum];
666}
Willy Tarreaubaaee002006-06-26 02:48:02 +0200667
Willy Tarreau53b6c742006-12-17 13:37:46 +0100668/*
669 * returns HTTP_METH_NONE if there is nothing valid to read (empty or non-text
670 * string), HTTP_METH_OTHER for unknown methods, or the identified method.
671 */
672static http_meth_t find_http_meth(const char *str, const int len)
673{
674 unsigned char m;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100675 const struct http_method_desc *h;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100676
677 m = ((unsigned)*str - 'A');
678
679 if (m < 26) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100680 for (h = http_methods[m]; h->len > 0; h++) {
681 if (unlikely(h->len != len))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100682 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100683 if (likely(memcmp(str, h->text, h->len) == 0))
Willy Tarreau53b6c742006-12-17 13:37:46 +0100684 return h->meth;
Willy Tarreau53b6c742006-12-17 13:37:46 +0100685 };
686 return HTTP_METH_OTHER;
687 }
688 return HTTP_METH_NONE;
689
690}
691
Willy Tarreau21d2af32008-02-14 20:25:24 +0100692/* Parse the URI from the given transaction (which is assumed to be in request
693 * phase) and look for the "/" beginning the PATH. If not found, return NULL.
694 * It is returned otherwise.
695 */
696static char *
697http_get_path(struct http_txn *txn)
698{
699 char *ptr, *end;
700
Willy Tarreau962c3f42010-01-10 00:15:35 +0100701 ptr = txn->req.sol + txn->req.sl.rq.u;
Willy Tarreau21d2af32008-02-14 20:25:24 +0100702 end = ptr + txn->req.sl.rq.u_l;
703
704 if (ptr >= end)
705 return NULL;
706
707 /* RFC2616, par. 5.1.2 :
708 * Request-URI = "*" | absuri | abspath | authority
709 */
710
711 if (*ptr == '*')
712 return NULL;
713
714 if (isalpha((unsigned char)*ptr)) {
715 /* this is a scheme as described by RFC3986, par. 3.1 */
716 ptr++;
717 while (ptr < end &&
718 (isalnum((unsigned char)*ptr) || *ptr == '+' || *ptr == '-' || *ptr == '.'))
719 ptr++;
720 /* skip '://' */
721 if (ptr == end || *ptr++ != ':')
722 return NULL;
723 if (ptr == end || *ptr++ != '/')
724 return NULL;
725 if (ptr == end || *ptr++ != '/')
726 return NULL;
727 }
728 /* skip [user[:passwd]@]host[:[port]] */
729
730 while (ptr < end && *ptr != '/')
731 ptr++;
732
733 if (ptr == end)
734 return NULL;
735
736 /* OK, we got the '/' ! */
737 return ptr;
738}
739
Willy Tarreauefb453c2008-10-26 20:49:47 +0100740/* Returns a 302 for a redirectable request. This may only be called just after
741 * the stream interface has moved to SI_ST_ASS. Unprocessable requests are
742 * left unchanged and will follow normal proxy processing.
743 */
Willy Tarreau55a8d0e2008-11-30 18:47:21 +0100744void perform_http_redirect(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100745{
746 struct http_txn *txn;
747 struct chunk rdr;
748 char *path;
749 int len;
750
751 /* 1: create the response header */
752 rdr.len = strlen(HTTP_302);
753 rdr.str = trash;
Willy Tarreau59e0b0f2010-01-09 21:29:23 +0100754 rdr.size = sizeof(trash);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100755 memcpy(rdr.str, HTTP_302, rdr.len);
756
757 /* 2: add the server's prefix */
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +0200758 if (rdr.len + s->srv->rdr_len > rdr.size)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100759 return;
760
Willy Tarreaudcb75c42010-01-10 00:24:22 +0100761 /* special prefix "/" means don't change URL */
762 if (s->srv->rdr_len != 1 || *s->srv->rdr_pfx != '/') {
763 memcpy(rdr.str + rdr.len, s->srv->rdr_pfx, s->srv->rdr_len);
764 rdr.len += s->srv->rdr_len;
765 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100766
767 /* 3: add the request URI */
768 txn = &s->txn;
769 path = http_get_path(txn);
770 if (!path)
771 return;
772
Willy Tarreau962c3f42010-01-10 00:15:35 +0100773 len = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path;
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +0200774 if (rdr.len + len > rdr.size - 4) /* 4 for CRLF-CRLF */
Willy Tarreauefb453c2008-10-26 20:49:47 +0100775 return;
776
777 memcpy(rdr.str + rdr.len, path, len);
778 rdr.len += len;
Willy Tarreau88d349d2010-01-25 12:15:43 +0100779
780 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
781 memcpy(rdr.str + rdr.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
782 rdr.len += 29;
783 } else {
784 memcpy(rdr.str + rdr.len, "\r\nConnection: close\r\n\r\n", 23);
785 rdr.len += 23;
786 }
Willy Tarreauefb453c2008-10-26 20:49:47 +0100787
788 /* prepare to return without error. */
Willy Tarreau99126c32008-11-27 10:30:51 +0100789 si->shutr(si);
790 si->shutw(si);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100791 si->err_type = SI_ET_NONE;
792 si->err_loc = NULL;
793 si->state = SI_ST_CLO;
794
795 /* send the message */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100796 http_server_error(s, si, SN_ERR_PRXCOND, SN_FINST_C, 302, &rdr);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100797
798 /* FIXME: we should increase a counter of redirects per server and per backend. */
799 if (s->srv)
Willy Tarreau7f062c42009-03-05 18:43:00 +0100800 srv_inc_sess_ctr(s->srv);
Willy Tarreauefb453c2008-10-26 20:49:47 +0100801}
802
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100803/* Return the error message corresponding to si->err_type. It is assumed
Willy Tarreauefb453c2008-10-26 20:49:47 +0100804 * that the server side is closed. Note that err_type is actually a
805 * bitmask, where almost only aborts may be cumulated with other
806 * values. We consider that aborted operations are more important
807 * than timeouts or errors due to the fact that nobody else in the
808 * logs might explain incomplete retries. All others should avoid
809 * being cumulated. It should normally not be possible to have multiple
810 * aborts at once, but just in case, the first one in sequence is reported.
811 */
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100812void http_return_srv_error(struct session *s, struct stream_interface *si)
Willy Tarreauefb453c2008-10-26 20:49:47 +0100813{
Willy Tarreau0cac36f2008-11-30 20:44:17 +0100814 int err_type = si->err_type;
Willy Tarreauefb453c2008-10-26 20:49:47 +0100815
816 if (err_type & SI_ET_QUEUE_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100817 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_Q,
818 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100819 else if (err_type & SI_ET_CONN_ABRT)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100820 http_server_error(s, si, SN_ERR_CLICL, SN_FINST_C,
821 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100822 else if (err_type & SI_ET_QUEUE_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100823 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_Q,
824 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100825 else if (err_type & SI_ET_QUEUE_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100826 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_Q,
827 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100828 else if (err_type & SI_ET_CONN_TO)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100829 http_server_error(s, si, SN_ERR_SRVTO, SN_FINST_C,
830 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100831 else if (err_type & SI_ET_CONN_ERR)
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100832 http_server_error(s, si, SN_ERR_SRVCL, SN_FINST_C,
833 503, error_message(s, HTTP_ERR_503));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100834 else /* SI_ET_CONN_OTHER and others */
Willy Tarreau2d3d94c2008-11-30 20:20:08 +0100835 http_server_error(s, si, SN_ERR_INTERNAL, SN_FINST_C,
836 500, error_message(s, HTTP_ERR_500));
Willy Tarreauefb453c2008-10-26 20:49:47 +0100837}
838
Willy Tarreau42250582007-04-01 01:30:43 +0200839extern const char sess_term_cond[8];
840extern const char sess_fin_state[8];
841extern const char *monthname[12];
Willy Tarreauf1348312010-10-07 15:54:11 +0200842const char sess_cookie[8] = "NIDVEO67"; /* No cookie, Invalid cookie, cookie for a Down server, Valid cookie, Expired cookie, Old cookie, unknown */
843const char sess_set_cookie[8] = "NPDIRU67"; /* No set-cookie, Set-cookie found and left unchanged (passive),
844 Set-cookie Deleted, Set-Cookie Inserted, Set-cookie Rewritten,
845 Set-cookie Updated, unknown, unknown */
Willy Tarreau332f8bf2007-05-13 21:36:56 +0200846struct pool_head *pool2_requri;
Willy Tarreau086b3b42007-05-13 21:45:51 +0200847struct pool_head *pool2_capture;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +0100848
Emeric Brun3a058f32009-06-30 18:26:00 +0200849void http_sess_clflog(struct session *s)
850{
Cyril Bontéacd7d632010-11-01 19:26:02 +0100851 char pn[INET6_ADDRSTRLEN];
Emeric Brun3a058f32009-06-30 18:26:00 +0200852 struct proxy *fe = s->fe;
853 struct proxy *be = s->be;
854 struct proxy *prx_log;
855 struct http_txn *txn = &s->txn;
856 int tolog, level, err;
857 char *uri, *h;
Willy Tarreau71904a42011-02-13 14:30:26 +0100858 const char *svid;
Emeric Brun3a058f32009-06-30 18:26:00 +0200859 struct tm tm;
860 static char tmpline[MAX_SYSLOG_LEN];
861 int hdr;
862 size_t w;
863 int t_request;
864
865 prx_log = fe;
866 err = (s->flags & (SN_ERR_MASK | SN_REDISP)) ||
Willy Tarreauee28de02010-06-01 09:51:00 +0200867 (s->req->cons->conn_retries != be->conn_retries) ||
Emeric Brun3a058f32009-06-30 18:26:00 +0200868 txn->status >= 500;
869
Willy Tarreau957c0a52011-03-03 17:42:23 +0100870 if (s->req->prod->addr.c.from.ss_family == AF_INET)
Emeric Brun3a058f32009-06-30 18:26:00 +0200871 inet_ntop(AF_INET,
Willy Tarreau957c0a52011-03-03 17:42:23 +0100872 (const void *)&((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_addr,
Emeric Brun3a058f32009-06-30 18:26:00 +0200873 pn, sizeof(pn));
Willy Tarreau957c0a52011-03-03 17:42:23 +0100874 else if (s->req->prod->addr.c.from.ss_family == AF_INET6)
Emeric Brun3a058f32009-06-30 18:26:00 +0200875 inet_ntop(AF_INET6,
Willy Tarreau957c0a52011-03-03 17:42:23 +0100876 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->addr.c.from))->sin6_addr,
Emeric Brun3a058f32009-06-30 18:26:00 +0200877 pn, sizeof(pn));
Emeric Brun5bd86a82010-10-22 17:23:04 +0200878 else
879 snprintf(pn, sizeof(pn), "unix:%d", s->listener->luid);
Emeric Brun3a058f32009-06-30 18:26:00 +0200880
881 get_gmtime(s->logs.accept_date.tv_sec, &tm);
882
883 /* FIXME: let's limit ourselves to frontend logging for now. */
884 tolog = fe->to_log;
885
886 h = tmpline;
887
888 w = snprintf(h, sizeof(tmpline),
889 "%s - - [%02d/%s/%04d:%02d:%02d:%02d +0000]",
890 pn,
891 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
892 tm.tm_hour, tm.tm_min, tm.tm_sec);
893 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
894 goto trunc;
895 h += w;
896
897 if (h >= tmpline + sizeof(tmpline) - 4)
898 goto trunc;
899
900 *(h++) = ' ';
901 *(h++) = '\"';
902 uri = txn->uri ? txn->uri : "<BADREQ>";
903 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
904 '#', url_encode_map, uri);
905 *(h++) = '\"';
906
907 w = snprintf(h, sizeof(tmpline) - (h - tmpline), " %d %lld", txn->status, s->logs.bytes_out);
908 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
909 goto trunc;
910 h += w;
911
912 if (h >= tmpline + sizeof(tmpline) - 9)
913 goto trunc;
914 memcpy(h, " \"-\" \"-\"", 8);
915 h += 8;
916
917 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
918 " %d %03d",
Willy Tarreau957c0a52011-03-03 17:42:23 +0100919 s->req->prod->addr.c.from.ss_family == AF_UNIX ? s->listener->luid :
920 ntohs((s->req->prod->addr.c.from.ss_family == AF_INET) ?
921 ((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_port :
922 ((struct sockaddr_in6 *)&s->req->prod->addr.c.from)->sin6_port),
Emeric Brun3a058f32009-06-30 18:26:00 +0200923 (int)s->logs.accept_date.tv_usec/1000);
924 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
925 goto trunc;
926 h += w;
927
928 w = strlen(fe->id);
929 if (h >= tmpline + sizeof(tmpline) - 4 - w)
930 goto trunc;
931 *(h++) = ' ';
932 *(h++) = '\"';
933 memcpy(h, fe->id, w);
934 h += w;
935 *(h++) = '\"';
936
937 w = strlen(be->id);
938 if (h >= tmpline + sizeof(tmpline) - 4 - w)
939 goto trunc;
940 *(h++) = ' ';
941 *(h++) = '\"';
942 memcpy(h, be->id, w);
943 h += w;
944 *(h++) = '\"';
945
Willy Tarreau71904a42011-02-13 14:30:26 +0100946 if (!(tolog & LW_SVID))
947 svid = "-";
948 else switch (s->req->cons->target.type) {
949 case TARG_TYPE_SERVER:
950 svid = s->req->cons->target.ptr.s->id;
951 break;
952 case TARG_TYPE_APPLET:
953 svid = s->req->cons->target.ptr.a->name;
954 break;
955 default:
956 svid = "<NOSRV>";
957 break;
958 }
Emeric Brun3a058f32009-06-30 18:26:00 +0200959
960 w = strlen(svid);
961 if (h >= tmpline + sizeof(tmpline) - 4 - w)
962 goto trunc;
963 *(h++) = ' ';
964 *(h++) = '\"';
965 memcpy(h, svid, w);
966 h += w;
967 *(h++) = '\"';
968
969 t_request = -1;
970 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
971 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
972 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
973 " %d %ld %ld %ld %ld",
974 t_request,
975 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
976 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
977 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
978 s->logs.t_close);
979 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
980 goto trunc;
981 h += w;
982
983 if (h >= tmpline + sizeof(tmpline) - 8)
984 goto trunc;
985 *(h++) = ' ';
986 *(h++) = '\"';
987 *(h++) = sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT];
988 *(h++) = sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT];
989 *(h++) = (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
990 *(h++) = (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-';
991 *(h++) = '\"';
992
993 w = snprintf(h, sizeof(tmpline) - (h - tmpline),
994 " %d %d %d %d %d %ld %ld",
995 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Willy Tarreauee28de02010-06-01 09:51:00 +0200996 (s->req->cons->conn_retries > 0) ? (be->conn_retries - s->req->cons->conn_retries) : be->conn_retries,
Emeric Brun3a058f32009-06-30 18:26:00 +0200997 s->logs.srv_queue_size, s->logs.prx_queue_size);
998
999 if (w < 0 || w >= sizeof(tmpline) - (h - tmpline))
1000 goto trunc;
1001 h += w;
1002
1003 if (txn->cli_cookie) {
1004 w = strlen(txn->cli_cookie);
1005 if (h >= tmpline + sizeof(tmpline) - 4 - w)
1006 goto trunc;
1007 *(h++) = ' ';
1008 *(h++) = '\"';
1009 memcpy(h, txn->cli_cookie, w);
1010 h += w;
1011 *(h++) = '\"';
1012 } else {
1013 if (h >= tmpline + sizeof(tmpline) - 5)
1014 goto trunc;
1015 memcpy(h, " \"-\"", 4);
1016 h += 4;
1017 }
1018
1019 if (txn->srv_cookie) {
1020 w = strlen(txn->srv_cookie);
1021 if (h >= tmpline + sizeof(tmpline) - 4 - w)
1022 goto trunc;
1023 *(h++) = ' ';
1024 *(h++) = '\"';
1025 memcpy(h, txn->srv_cookie, w);
1026 h += w;
1027 *(h++) = '\"';
1028 } else {
1029 if (h >= tmpline + sizeof(tmpline) - 5)
1030 goto trunc;
1031 memcpy(h, " \"-\"", 4);
1032 h += 4;
1033 }
1034
1035 if ((fe->to_log & LW_REQHDR) && txn->req.cap) {
1036 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
1037 if (h >= sizeof (tmpline) + tmpline - 4)
1038 goto trunc;
Cyril Bonté7f2c5392010-03-13 15:15:07 +01001039 if (txn->req.cap[hdr] != NULL) {
1040 *(h++) = ' ';
1041 *(h++) = '\"';
1042 h = encode_string(h, tmpline + sizeof(tmpline) - 2,
1043 '#', hdr_encode_map, txn->req.cap[hdr]);
1044 *(h++) = '\"';
1045 } else {
1046 memcpy(h, " \"-\"", 4);
1047 h += 4;
1048 }
Emeric Brun3a058f32009-06-30 18:26:00 +02001049 }
1050 }
1051
1052 if ((fe->to_log & LW_RSPHDR) && txn->rsp.cap) {
1053 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
1054 if (h >= sizeof (tmpline) + tmpline - 4)
1055 goto trunc;
Cyril Bonté7f2c5392010-03-13 15:15:07 +01001056 if (txn->rsp.cap[hdr] != NULL) {
1057 *(h++) = ' ';
1058 *(h++) = '\"';
1059 h = encode_string(h, tmpline + sizeof(tmpline) - 2,
1060 '#', hdr_encode_map, txn->rsp.cap[hdr]);
1061 *(h++) = '\"';
1062 } else {
1063 memcpy(h, " \"-\"", 4);
1064 h += 4;
1065 }
Emeric Brun3a058f32009-06-30 18:26:00 +02001066 }
1067 }
1068
1069trunc:
1070 *h = '\0';
1071
1072 level = LOG_INFO;
1073 if (err && (fe->options2 & PR_O2_LOGERRORS))
1074 level = LOG_ERR;
1075
1076 send_log(prx_log, level, "%s\n", tmpline);
1077
1078 s->logs.logwait = 0;
1079}
1080
Willy Tarreau42250582007-04-01 01:30:43 +02001081/*
1082 * send a log for the session when we have enough info about it.
1083 * Will not log if the frontend has no log defined.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001084 */
Willy Tarreau55a8d0e2008-11-30 18:47:21 +01001085void http_sess_log(struct session *s)
Willy Tarreau42250582007-04-01 01:30:43 +02001086{
Cyril Bontéacd7d632010-11-01 19:26:02 +01001087 char pn[INET6_ADDRSTRLEN];
Willy Tarreau42250582007-04-01 01:30:43 +02001088 struct proxy *fe = s->fe;
1089 struct proxy *be = s->be;
1090 struct proxy *prx_log;
1091 struct http_txn *txn = &s->txn;
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +02001092 int tolog, level, err;
Willy Tarreau42250582007-04-01 01:30:43 +02001093 char *uri, *h;
Willy Tarreau71904a42011-02-13 14:30:26 +01001094 const char *svid;
Willy Tarreaufe944602007-10-25 10:34:16 +02001095 struct tm tm;
Willy Tarreau42250582007-04-01 01:30:43 +02001096 static char tmpline[MAX_SYSLOG_LEN];
Willy Tarreau70089872008-06-13 21:12:51 +02001097 int t_request;
Willy Tarreau42250582007-04-01 01:30:43 +02001098 int hdr;
1099
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +02001100 /* if we don't want to log normal traffic, return now */
1101 err = (s->flags & (SN_ERR_MASK | SN_REDISP)) ||
Willy Tarreauee28de02010-06-01 09:51:00 +02001102 (s->req->cons->conn_retries != be->conn_retries) ||
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +02001103 txn->status >= 500;
1104 if (!err && (fe->options2 & PR_O2_NOLOGNORM))
1105 return;
1106
Willy Tarreau42250582007-04-01 01:30:43 +02001107 if (fe->logfac1 < 0 && fe->logfac2 < 0)
1108 return;
1109 prx_log = fe;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001110
Emeric Brun3a058f32009-06-30 18:26:00 +02001111 if (prx_log->options2 & PR_O2_CLFLOG)
1112 return http_sess_clflog(s);
1113
Willy Tarreau957c0a52011-03-03 17:42:23 +01001114 if (s->req->prod->addr.c.from.ss_family == AF_INET)
Willy Tarreau42250582007-04-01 01:30:43 +02001115 inet_ntop(AF_INET,
Willy Tarreau957c0a52011-03-03 17:42:23 +01001116 (const void *)&((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_addr,
Willy Tarreau42250582007-04-01 01:30:43 +02001117 pn, sizeof(pn));
Willy Tarreau957c0a52011-03-03 17:42:23 +01001118 else if (s->req->prod->addr.c.from.ss_family == AF_INET6)
Willy Tarreau42250582007-04-01 01:30:43 +02001119 inet_ntop(AF_INET6,
Willy Tarreau957c0a52011-03-03 17:42:23 +01001120 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->addr.c.from))->sin6_addr,
Willy Tarreau42250582007-04-01 01:30:43 +02001121 pn, sizeof(pn));
1122
Willy Tarreaub7f694f2008-06-22 17:18:02 +02001123 get_localtime(s->logs.accept_date.tv_sec, &tm);
Willy Tarreau42250582007-04-01 01:30:43 +02001124
1125 /* FIXME: let's limit ourselves to frontend logging for now. */
1126 tolog = fe->to_log;
1127
1128 h = tmpline;
1129 if (fe->to_log & LW_REQHDR &&
1130 txn->req.cap &&
1131 (h < tmpline + sizeof(tmpline) - 10)) {
1132 *(h++) = ' ';
1133 *(h++) = '{';
1134 for (hdr = 0; hdr < fe->nb_req_cap; hdr++) {
1135 if (hdr)
1136 *(h++) = '|';
1137 if (txn->req.cap[hdr] != NULL)
1138 h = encode_string(h, tmpline + sizeof(tmpline) - 7,
1139 '#', hdr_encode_map, txn->req.cap[hdr]);
1140 }
1141 *(h++) = '}';
1142 }
1143
1144 if (fe->to_log & LW_RSPHDR &&
1145 txn->rsp.cap &&
1146 (h < tmpline + sizeof(tmpline) - 7)) {
1147 *(h++) = ' ';
1148 *(h++) = '{';
1149 for (hdr = 0; hdr < fe->nb_rsp_cap; hdr++) {
1150 if (hdr)
1151 *(h++) = '|';
1152 if (txn->rsp.cap[hdr] != NULL)
1153 h = encode_string(h, tmpline + sizeof(tmpline) - 4,
1154 '#', hdr_encode_map, txn->rsp.cap[hdr]);
1155 }
1156 *(h++) = '}';
1157 }
1158
1159 if (h < tmpline + sizeof(tmpline) - 4) {
1160 *(h++) = ' ';
1161 *(h++) = '"';
1162 uri = txn->uri ? txn->uri : "<BADREQ>";
1163 h = encode_string(h, tmpline + sizeof(tmpline) - 1,
1164 '#', url_encode_map, uri);
1165 *(h++) = '"';
1166 }
1167 *h = '\0';
1168
Willy Tarreau71904a42011-02-13 14:30:26 +01001169 if (!(tolog & LW_SVID))
1170 svid = "-";
1171 else switch (s->req->cons->target.type) {
1172 case TARG_TYPE_SERVER:
1173 svid = s->req->cons->target.ptr.s->id;
1174 break;
1175 case TARG_TYPE_APPLET:
1176 svid = s->req->cons->target.ptr.a->name;
1177 break;
1178 default:
1179 svid = "<NOSRV>";
1180 break;
1181 }
Willy Tarreau42250582007-04-01 01:30:43 +02001182
Willy Tarreau70089872008-06-13 21:12:51 +02001183 t_request = -1;
1184 if (tv_isge(&s->logs.tv_request, &s->logs.tv_accept))
1185 t_request = tv_ms_elapsed(&s->logs.tv_accept, &s->logs.tv_request);
1186
Willy Tarreauc9bd0cc2009-05-10 11:57:02 +02001187 level = LOG_INFO;
1188 if (err && (fe->options2 & PR_O2_LOGERRORS))
1189 level = LOG_ERR;
1190
1191 send_log(prx_log, level,
Willy Tarreau42250582007-04-01 01:30:43 +02001192 "%s:%d [%02d/%s/%04d:%02d:%02d:%02d.%03d]"
Willy Tarreau1772ece2009-04-03 14:49:12 +02001193 " %s %s/%s %d/%ld/%ld/%ld/%s%ld %d %s%lld"
1194 " %s %s %c%c%c%c %d/%d/%d/%d/%s%u %ld/%ld%s\n",
Willy Tarreau957c0a52011-03-03 17:42:23 +01001195 (s->req->prod->addr.c.from.ss_family == AF_UNIX) ? "unix" : pn,
1196 (s->req->prod->addr.c.from.ss_family == AF_UNIX) ? s->listener->luid :
1197 ntohs((s->req->prod->addr.c.from.ss_family == AF_INET) ?
1198 ((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_port :
1199 ((struct sockaddr_in6 *)&s->req->prod->addr.c.from)->sin6_port),
Willy Tarreaufe944602007-10-25 10:34:16 +02001200 tm.tm_mday, monthname[tm.tm_mon], tm.tm_year+1900,
Willy Tarreau1772ece2009-04-03 14:49:12 +02001201 tm.tm_hour, tm.tm_min, tm.tm_sec, (int)s->logs.accept_date.tv_usec/1000,
Willy Tarreau42250582007-04-01 01:30:43 +02001202 fe->id, be->id, svid,
Willy Tarreau70089872008-06-13 21:12:51 +02001203 t_request,
1204 (s->logs.t_queue >= 0) ? s->logs.t_queue - t_request : -1,
Willy Tarreau42250582007-04-01 01:30:43 +02001205 (s->logs.t_connect >= 0) ? s->logs.t_connect - s->logs.t_queue : -1,
1206 (s->logs.t_data >= 0) ? s->logs.t_data - s->logs.t_connect : -1,
1207 (tolog & LW_BYTES) ? "" : "+", s->logs.t_close,
1208 txn->status,
Willy Tarreau8b3977f2008-01-18 11:16:32 +01001209 (tolog & LW_BYTES) ? "" : "+", s->logs.bytes_out,
Willy Tarreau42250582007-04-01 01:30:43 +02001210 txn->cli_cookie ? txn->cli_cookie : "-",
1211 txn->srv_cookie ? txn->srv_cookie : "-",
1212 sess_term_cond[(s->flags & SN_ERR_MASK) >> SN_ERR_SHIFT],
1213 sess_fin_state[(s->flags & SN_FINST_MASK) >> SN_FINST_SHIFT],
1214 (be->options & PR_O_COOK_ANY) ? sess_cookie[(txn->flags & TX_CK_MASK) >> TX_CK_SHIFT] : '-',
1215 (be->options & PR_O_COOK_ANY) ? sess_set_cookie[(txn->flags & TX_SCK_MASK) >> TX_SCK_SHIFT] : '-',
1216 actconn, fe->feconn, be->beconn, s->srv ? s->srv->cur_sess : 0,
Krzysztof Piotr Oledzki25b501a2008-01-06 16:36:16 +01001217 (s->flags & SN_REDISP)?"+":"",
Willy Tarreauee28de02010-06-01 09:51:00 +02001218 (s->req->cons->conn_retries>0)?(be->conn_retries - s->req->cons->conn_retries):be->conn_retries,
Willy Tarreau42250582007-04-01 01:30:43 +02001219 s->logs.srv_queue_size, s->logs.prx_queue_size, tmpline);
1220
1221 s->logs.logwait = 0;
1222}
1223
Willy Tarreau117f59e2007-03-04 18:17:17 +01001224
1225/*
1226 * Capture headers from message starting at <som> according to header list
1227 * <cap_hdr>, and fill the <idx> structure appropriately.
1228 */
1229void capture_headers(char *som, struct hdr_idx *idx,
1230 char **cap, struct cap_hdr *cap_hdr)
1231{
1232 char *eol, *sol, *col, *sov;
1233 int cur_idx;
1234 struct cap_hdr *h;
1235 int len;
1236
1237 sol = som + hdr_idx_first_pos(idx);
1238 cur_idx = hdr_idx_first_idx(idx);
1239
1240 while (cur_idx) {
1241 eol = sol + idx->v[cur_idx].len;
1242
1243 col = sol;
1244 while (col < eol && *col != ':')
1245 col++;
1246
1247 sov = col + 1;
1248 while (sov < eol && http_is_lws[(unsigned char)*sov])
1249 sov++;
1250
1251 for (h = cap_hdr; h; h = h->next) {
1252 if ((h->namelen == col - sol) &&
1253 (strncasecmp(sol, h->name, h->namelen) == 0)) {
1254 if (cap[h->index] == NULL)
1255 cap[h->index] =
Willy Tarreaucf7f3202007-05-13 22:46:04 +02001256 pool_alloc2(h->pool);
Willy Tarreau117f59e2007-03-04 18:17:17 +01001257
1258 if (cap[h->index] == NULL) {
1259 Alert("HTTP capture : out of memory.\n");
1260 continue;
1261 }
1262
1263 len = eol - sov;
1264 if (len > h->len)
1265 len = h->len;
1266
1267 memcpy(cap[h->index], sov, len);
1268 cap[h->index][len]=0;
1269 }
1270 }
1271 sol = eol + idx->v[cur_idx].cr + 1;
1272 cur_idx = idx->v[cur_idx].next;
1273 }
1274}
1275
1276
Willy Tarreau42250582007-04-01 01:30:43 +02001277/* either we find an LF at <ptr> or we jump to <bad>.
1278 */
1279#define EXPECT_LF_HERE(ptr, bad) do { if (unlikely(*(ptr) != '\n')) goto bad; } while (0)
1280
1281/* plays with variables <ptr>, <end> and <state>. Jumps to <good> if OK,
1282 * otherwise to <http_msg_ood> with <state> set to <st>.
1283 */
1284#define EAT_AND_JUMP_OR_RETURN(good, st) do { \
1285 ptr++; \
1286 if (likely(ptr < end)) \
1287 goto good; \
1288 else { \
1289 state = (st); \
1290 goto http_msg_ood; \
1291 } \
1292 } while (0)
1293
1294
Willy Tarreaubaaee002006-06-26 02:48:02 +02001295/*
Willy Tarreaua15645d2007-03-18 16:22:39 +01001296 * This function parses a status line between <ptr> and <end>, starting with
Willy Tarreau8973c702007-01-21 23:58:29 +01001297 * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP,
1298 * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others
1299 * will give undefined results.
1300 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1301 * and that msg->sol points to the beginning of the response.
1302 * If a complete line is found (which implies that at least one CR or LF is
1303 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1304 * returned indicating an incomplete line (which does not mean that parts have
1305 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1306 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1307 * upon next call.
1308 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001309 * This function was intentionally designed to be called from
Willy Tarreau8973c702007-01-21 23:58:29 +01001310 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1311 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001312 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreau8973c702007-01-21 23:58:29 +01001313 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001314const char *http_parse_stsline(struct http_msg *msg, const char *msg_buf,
1315 unsigned int state, const char *ptr, const char *end,
1316 char **ret_ptr, unsigned int *ret_state)
Willy Tarreau8973c702007-01-21 23:58:29 +01001317{
Willy Tarreau8973c702007-01-21 23:58:29 +01001318 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001319 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001320 http_msg_rpver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001321 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8973c702007-01-21 23:58:29 +01001322 EAT_AND_JUMP_OR_RETURN(http_msg_rpver, HTTP_MSG_RPVER);
1323
1324 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001325 msg->sl.st.v_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001326 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1327 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001328 state = HTTP_MSG_ERROR;
1329 break;
1330
Willy Tarreau8973c702007-01-21 23:58:29 +01001331 case HTTP_MSG_RPVER_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001332 http_msg_rpver_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001333 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001334 msg->sl.st.c = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001335 goto http_msg_rpcode;
1336 }
1337 if (likely(HTTP_IS_SPHT(*ptr)))
1338 EAT_AND_JUMP_OR_RETURN(http_msg_rpver_sp, HTTP_MSG_RPVER_SP);
1339 /* so it's a CR/LF, this is invalid */
Willy Tarreau7552c032009-03-01 11:10:40 +01001340 state = HTTP_MSG_ERROR;
1341 break;
Willy Tarreau8973c702007-01-21 23:58:29 +01001342
Willy Tarreau8973c702007-01-21 23:58:29 +01001343 case HTTP_MSG_RPCODE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001344 http_msg_rpcode:
Willy Tarreau8973c702007-01-21 23:58:29 +01001345 if (likely(!HTTP_IS_LWS(*ptr)))
1346 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode, HTTP_MSG_RPCODE);
1347
1348 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001349 msg->sl.st.c_l = (ptr - msg_buf) - msg->som - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001350 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1351 }
1352
1353 /* so it's a CR/LF, so there is no reason phrase */
Willy Tarreau962c3f42010-01-10 00:15:35 +01001354 msg->sl.st.c_l = (ptr - msg_buf) - msg->som - msg->sl.st.c;
Willy Tarreau8973c702007-01-21 23:58:29 +01001355 http_msg_rsp_reason:
1356 /* FIXME: should we support HTTP responses without any reason phrase ? */
Willy Tarreau962c3f42010-01-10 00:15:35 +01001357 msg->sl.st.r = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001358 msg->sl.st.r_l = 0;
1359 goto http_msg_rpline_eol;
1360
Willy Tarreau8973c702007-01-21 23:58:29 +01001361 case HTTP_MSG_RPCODE_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001362 http_msg_rpcode_sp:
Willy Tarreau8973c702007-01-21 23:58:29 +01001363 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001364 msg->sl.st.r = (ptr - msg_buf) - msg->som;
Willy Tarreau8973c702007-01-21 23:58:29 +01001365 goto http_msg_rpreason;
1366 }
1367 if (likely(HTTP_IS_SPHT(*ptr)))
1368 EAT_AND_JUMP_OR_RETURN(http_msg_rpcode_sp, HTTP_MSG_RPCODE_SP);
1369 /* so it's a CR/LF, so there is no reason phrase */
1370 goto http_msg_rsp_reason;
1371
Willy Tarreau8973c702007-01-21 23:58:29 +01001372 case HTTP_MSG_RPREASON:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001373 http_msg_rpreason:
Willy Tarreau8973c702007-01-21 23:58:29 +01001374 if (likely(!HTTP_IS_CRLF(*ptr)))
1375 EAT_AND_JUMP_OR_RETURN(http_msg_rpreason, HTTP_MSG_RPREASON);
Willy Tarreau962c3f42010-01-10 00:15:35 +01001376 msg->sl.st.r_l = (ptr - msg_buf) - msg->som - msg->sl.st.r;
Willy Tarreau8973c702007-01-21 23:58:29 +01001377 http_msg_rpline_eol:
1378 /* We have seen the end of line. Note that we do not
1379 * necessarily have the \n yet, but at least we know that we
1380 * have EITHER \r OR \n, otherwise the response would not be
1381 * complete. We can then record the response length and return
1382 * to the caller which will be able to register it.
1383 */
1384 msg->sl.st.l = ptr - msg->sol;
1385 return ptr;
1386
1387#ifdef DEBUG_FULL
1388 default:
1389 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1390 exit(1);
1391#endif
1392 }
1393
1394 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001395 /* out of valid data */
Willy Tarreau8973c702007-01-21 23:58:29 +01001396 if (ret_state)
1397 *ret_state = state;
1398 if (ret_ptr)
1399 *ret_ptr = (char *)ptr;
1400 return NULL;
Willy Tarreau8973c702007-01-21 23:58:29 +01001401}
1402
Willy Tarreau8973c702007-01-21 23:58:29 +01001403/*
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001404 * This function parses a request line between <ptr> and <end>, starting with
1405 * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP,
1406 * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others
1407 * will give undefined results.
1408 * Note that it is upon the caller's responsibility to ensure that ptr < end,
1409 * and that msg->sol points to the beginning of the request.
1410 * If a complete line is found (which implies that at least one CR or LF is
1411 * found before <end>, the updated <ptr> is returned, otherwise NULL is
1412 * returned indicating an incomplete line (which does not mean that parts have
1413 * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are
1414 * non-NULL, they are fed with the new <ptr> and <state> values to be passed
1415 * upon next call.
1416 *
Willy Tarreau9cdde232007-05-02 20:58:19 +02001417 * This function was intentionally designed to be called from
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001418 * http_msg_analyzer() with the lowest overhead. It should integrate perfectly
1419 * within its state machine and use the same macros, hence the need for same
Willy Tarreau9cdde232007-05-02 20:58:19 +02001420 * labels and variable names. Note that msg->sol is left unchanged.
Willy Tarreaubaaee002006-06-26 02:48:02 +02001421 */
Willy Tarreaue69eada2008-01-27 00:34:10 +01001422const char *http_parse_reqline(struct http_msg *msg, const char *msg_buf,
1423 unsigned int state, const char *ptr, const char *end,
1424 char **ret_ptr, unsigned int *ret_state)
Willy Tarreaubaaee002006-06-26 02:48:02 +02001425{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001426 switch (state) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001427 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001428 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001429 if (likely(HTTP_IS_TOKEN(*ptr)))
1430 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth, HTTP_MSG_RQMETH);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001431
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001432 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001433 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001434 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1435 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001436
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001437 if (likely(HTTP_IS_CRLF(*ptr))) {
1438 /* HTTP 0.9 request */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001439 msg->sl.rq.m_l = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001440 http_msg_req09_uri:
Willy Tarreau962c3f42010-01-10 00:15:35 +01001441 msg->sl.rq.u = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001442 http_msg_req09_uri_e:
Willy Tarreau962c3f42010-01-10 00:15:35 +01001443 msg->sl.rq.u_l = (ptr - msg_buf) - msg->som - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001444 http_msg_req09_ver:
Willy Tarreau962c3f42010-01-10 00:15:35 +01001445 msg->sl.rq.v = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001446 msg->sl.rq.v_l = 0;
1447 goto http_msg_rqline_eol;
1448 }
Willy Tarreau7552c032009-03-01 11:10:40 +01001449 state = HTTP_MSG_ERROR;
1450 break;
1451
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001452 case HTTP_MSG_RQMETH_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001453 http_msg_rqmeth_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001454 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001455 msg->sl.rq.u = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001456 goto http_msg_rquri;
1457 }
1458 if (likely(HTTP_IS_SPHT(*ptr)))
1459 EAT_AND_JUMP_OR_RETURN(http_msg_rqmeth_sp, HTTP_MSG_RQMETH_SP);
1460 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1461 goto http_msg_req09_uri;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001462
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001463 case HTTP_MSG_RQURI:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001464 http_msg_rquri:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001465 if (likely(!HTTP_IS_LWS(*ptr)))
1466 EAT_AND_JUMP_OR_RETURN(http_msg_rquri, HTTP_MSG_RQURI);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001467
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001468 if (likely(HTTP_IS_SPHT(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001469 msg->sl.rq.u_l = (ptr - msg_buf) - msg->som - msg->sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001470 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1471 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001472
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001473 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1474 goto http_msg_req09_uri_e;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001475
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001476 case HTTP_MSG_RQURI_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001477 http_msg_rquri_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001478 if (likely(!HTTP_IS_LWS(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001479 msg->sl.rq.v = (ptr - msg_buf) - msg->som;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001480 goto http_msg_rqver;
1481 }
1482 if (likely(HTTP_IS_SPHT(*ptr)))
1483 EAT_AND_JUMP_OR_RETURN(http_msg_rquri_sp, HTTP_MSG_RQURI_SP);
1484 /* so it's a CR/LF, meaning an HTTP 0.9 request */
1485 goto http_msg_req09_ver;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001486
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001487 case HTTP_MSG_RQVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001488 http_msg_rqver:
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001489 if (likely(HTTP_IS_VER_TOKEN(*ptr)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001490 EAT_AND_JUMP_OR_RETURN(http_msg_rqver, HTTP_MSG_RQVER);
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001491
1492 if (likely(HTTP_IS_CRLF(*ptr))) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01001493 msg->sl.rq.v_l = (ptr - msg_buf) - msg->som - msg->sl.rq.v;
Willy Tarreau4b89ad42007-03-04 18:13:58 +01001494 http_msg_rqline_eol:
1495 /* We have seen the end of line. Note that we do not
1496 * necessarily have the \n yet, but at least we know that we
1497 * have EITHER \r OR \n, otherwise the request would not be
1498 * complete. We can then record the request length and return
1499 * to the caller which will be able to register it.
1500 */
1501 msg->sl.rq.l = ptr - msg->sol;
1502 return ptr;
1503 }
1504
1505 /* neither an HTTP_VER token nor a CRLF */
Willy Tarreau7552c032009-03-01 11:10:40 +01001506 state = HTTP_MSG_ERROR;
1507 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001508
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001509#ifdef DEBUG_FULL
1510 default:
1511 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1512 exit(1);
1513#endif
1514 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001515
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001516 http_msg_ood:
Willy Tarreau7552c032009-03-01 11:10:40 +01001517 /* out of valid data */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001518 if (ret_state)
1519 *ret_state = state;
1520 if (ret_ptr)
1521 *ret_ptr = (char *)ptr;
1522 return NULL;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001523}
Willy Tarreau58f10d72006-12-04 02:26:12 +01001524
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001525/*
1526 * Returns the data from Authorization header. Function may be called more
1527 * than once so data is stored in txn->auth_data. When no header is found
1528 * or auth method is unknown auth_method is set to HTTP_AUTH_WRONG to avoid
1529 * searching again for something we are unable to find anyway.
1530 */
1531
1532char get_http_auth_buff[BUFSIZE];
1533
1534int
1535get_http_auth(struct session *s)
1536{
1537
1538 struct http_txn *txn = &s->txn;
1539 struct chunk auth_method;
1540 struct hdr_ctx ctx;
1541 char *h, *p;
1542 int len;
1543
1544#ifdef DEBUG_AUTH
1545 printf("Auth for session %p: %d\n", s, txn->auth.method);
1546#endif
1547
1548 if (txn->auth.method == HTTP_AUTH_WRONG)
1549 return 0;
1550
1551 if (txn->auth.method)
1552 return 1;
1553
1554 txn->auth.method = HTTP_AUTH_WRONG;
1555
1556 ctx.idx = 0;
Willy Tarreau844a7e72010-01-31 21:46:18 +01001557
1558 if (txn->flags & TX_USE_PX_CONN) {
1559 h = "Proxy-Authorization";
1560 len = strlen(h);
1561 } else {
1562 h = "Authorization";
1563 len = strlen(h);
1564 }
1565
1566 if (!http_find_header2(h, len, txn->req.sol, &txn->hdr_idx, &ctx))
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01001567 return 0;
1568
1569 h = ctx.line + ctx.val;
1570
1571 p = memchr(h, ' ', ctx.vlen);
1572 if (!p || p == h)
1573 return 0;
1574
1575 chunk_initlen(&auth_method, h, 0, p-h);
1576 chunk_initlen(&txn->auth.method_data, p+1, 0, ctx.vlen-(p-h)-1);
1577
1578 if (!strncasecmp("Basic", auth_method.str, auth_method.len)) {
1579
1580 len = base64dec(txn->auth.method_data.str, txn->auth.method_data.len,
1581 get_http_auth_buff, BUFSIZE - 1);
1582
1583 if (len < 0)
1584 return 0;
1585
1586
1587 get_http_auth_buff[len] = '\0';
1588
1589 p = strchr(get_http_auth_buff, ':');
1590
1591 if (!p)
1592 return 0;
1593
1594 txn->auth.user = get_http_auth_buff;
1595 *p = '\0';
1596 txn->auth.pass = p+1;
1597
1598 txn->auth.method = HTTP_AUTH_BASIC;
1599 return 1;
1600 }
1601
1602 return 0;
1603}
1604
Willy Tarreau58f10d72006-12-04 02:26:12 +01001605
Willy Tarreau8973c702007-01-21 23:58:29 +01001606/*
1607 * This function parses an HTTP message, either a request or a response,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001608 * depending on the initial msg->msg_state. It can be preempted everywhere
Willy Tarreau8973c702007-01-21 23:58:29 +01001609 * when data are missing and recalled at the exact same location with no
1610 * information loss. The header index is re-initialized when switching from
Willy Tarreau9cdde232007-05-02 20:58:19 +02001611 * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other
Willy Tarreau15de77e2010-01-02 21:59:16 +01001612 * fields. Note that msg->som and msg->sol will be initialized after completing
1613 * the first state, so that none of the msg pointers has to be initialized
1614 * prior to the first call.
Willy Tarreau8973c702007-01-21 23:58:29 +01001615 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001616void http_msg_analyzer(struct buffer *buf, struct http_msg *msg, struct hdr_idx *idx)
1617{
Willy Tarreaue69eada2008-01-27 00:34:10 +01001618 unsigned int state; /* updated only when leaving the FSM */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001619 register char *ptr, *end; /* request pointers, to avoid dereferences */
Willy Tarreau58f10d72006-12-04 02:26:12 +01001620
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001621 state = msg->msg_state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001622 ptr = buf->lr;
1623 end = buf->r;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001624
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001625 if (unlikely(ptr >= end))
1626 goto http_msg_ood;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001627
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001628 switch (state) {
Willy Tarreau8973c702007-01-21 23:58:29 +01001629 /*
1630 * First, states that are specific to the response only.
1631 * We check them first so that request and headers are
1632 * closer to each other (accessed more often).
1633 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001634 case HTTP_MSG_RPBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001635 http_msg_rpbefore:
Willy Tarreau8973c702007-01-21 23:58:29 +01001636 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001637 /* we have a start of message, but we have to check
1638 * first if we need to remove some CRLF. We can only
1639 * do this when send_max=0.
1640 */
1641 char *beg = buf->w + buf->send_max;
1642 if (beg >= buf->data + buf->size)
1643 beg -= buf->size;
1644 if (unlikely(ptr != beg)) {
1645 if (buf->send_max)
1646 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001647 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreau15de77e2010-01-02 21:59:16 +01001648 buffer_ignore(buf, ptr - beg);
Willy Tarreau8973c702007-01-21 23:58:29 +01001649 }
Willy Tarreau15de77e2010-01-02 21:59:16 +01001650 msg->som = ptr - buf->data;
Willy Tarreau816b9792009-09-15 21:25:21 +02001651 msg->sol = ptr;
Willy Tarreau8973c702007-01-21 23:58:29 +01001652 hdr_idx_init(idx);
1653 state = HTTP_MSG_RPVER;
1654 goto http_msg_rpver;
1655 }
1656
1657 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1658 goto http_msg_invalid;
1659
1660 if (unlikely(*ptr == '\n'))
1661 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1662 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore_cr, HTTP_MSG_RPBEFORE_CR);
1663 /* stop here */
1664
Willy Tarreau8973c702007-01-21 23:58:29 +01001665 case HTTP_MSG_RPBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001666 http_msg_rpbefore_cr:
Willy Tarreau8973c702007-01-21 23:58:29 +01001667 EXPECT_LF_HERE(ptr, http_msg_invalid);
1668 EAT_AND_JUMP_OR_RETURN(http_msg_rpbefore, HTTP_MSG_RPBEFORE);
1669 /* stop here */
1670
Willy Tarreau8973c702007-01-21 23:58:29 +01001671 case HTTP_MSG_RPVER:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001672 http_msg_rpver:
Willy Tarreau8973c702007-01-21 23:58:29 +01001673 case HTTP_MSG_RPVER_SP:
1674 case HTTP_MSG_RPCODE:
1675 case HTTP_MSG_RPCODE_SP:
1676 case HTTP_MSG_RPREASON:
Willy Tarreaua15645d2007-03-18 16:22:39 +01001677 ptr = (char *)http_parse_stsline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001678 &buf->lr, &msg->msg_state);
Willy Tarreau8973c702007-01-21 23:58:29 +01001679 if (unlikely(!ptr))
1680 return;
1681
1682 /* we have a full response and we know that we have either a CR
1683 * or an LF at <ptr>.
1684 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001685 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.st.l, *ptr);
Willy Tarreau8973c702007-01-21 23:58:29 +01001686 hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r');
1687
1688 msg->sol = ptr;
1689 if (likely(*ptr == '\r'))
1690 EAT_AND_JUMP_OR_RETURN(http_msg_rpline_end, HTTP_MSG_RPLINE_END);
1691 goto http_msg_rpline_end;
1692
Willy Tarreau8973c702007-01-21 23:58:29 +01001693 case HTTP_MSG_RPLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001694 http_msg_rpline_end:
Willy Tarreau8973c702007-01-21 23:58:29 +01001695 /* msg->sol must point to the first of CR or LF. */
1696 EXPECT_LF_HERE(ptr, http_msg_invalid);
1697 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
1698 /* stop here */
1699
1700 /*
1701 * Second, states that are specific to the request only
1702 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001703 case HTTP_MSG_RQBEFORE:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001704 http_msg_rqbefore:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001705 if (likely(HTTP_IS_TOKEN(*ptr))) {
Willy Tarreau15de77e2010-01-02 21:59:16 +01001706 /* we have a start of message, but we have to check
1707 * first if we need to remove some CRLF. We can only
1708 * do this when send_max=0.
1709 */
1710 char *beg = buf->w + buf->send_max;
1711 if (beg >= buf->data + buf->size)
1712 beg -= buf->size;
1713 if (likely(ptr != beg)) {
1714 if (buf->send_max)
1715 goto http_msg_ood;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001716 /* Remove empty leading lines, as recommended by RFC2616. */
Willy Tarreau15de77e2010-01-02 21:59:16 +01001717 buffer_ignore(buf, ptr - beg);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001718 }
Willy Tarreau15de77e2010-01-02 21:59:16 +01001719 msg->som = ptr - buf->data;
Willy Tarreau1d3bcce2009-12-27 15:50:06 +01001720 msg->sol = ptr;
Willy Tarreauf0d058e2007-01-25 12:03:42 +01001721 /* we will need this when keep-alive will be supported
1722 hdr_idx_init(idx);
1723 */
Willy Tarreau8973c702007-01-21 23:58:29 +01001724 state = HTTP_MSG_RQMETH;
1725 goto http_msg_rqmeth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001726 }
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001727
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001728 if (unlikely(!HTTP_IS_CRLF(*ptr)))
1729 goto http_msg_invalid;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001730
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001731 if (unlikely(*ptr == '\n'))
1732 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
1733 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore_cr, HTTP_MSG_RQBEFORE_CR);
Willy Tarreau8973c702007-01-21 23:58:29 +01001734 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001735
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001736 case HTTP_MSG_RQBEFORE_CR:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001737 http_msg_rqbefore_cr:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001738 EXPECT_LF_HERE(ptr, http_msg_invalid);
1739 EAT_AND_JUMP_OR_RETURN(http_msg_rqbefore, HTTP_MSG_RQBEFORE);
Willy Tarreau8973c702007-01-21 23:58:29 +01001740 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001741
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001742 case HTTP_MSG_RQMETH:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001743 http_msg_rqmeth:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001744 case HTTP_MSG_RQMETH_SP:
1745 case HTTP_MSG_RQURI:
1746 case HTTP_MSG_RQURI_SP:
1747 case HTTP_MSG_RQVER:
1748 ptr = (char *)http_parse_reqline(msg, buf->data, state, ptr, end,
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001749 &buf->lr, &msg->msg_state);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001750 if (unlikely(!ptr))
1751 return;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001752
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001753 /* we have a full request and we know that we have either a CR
1754 * or an LF at <ptr>.
1755 */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001756 //fprintf(stderr,"som=%d rq.l=%d *ptr=0x%02x\n", msg->som, msg->sl.rq.l, *ptr);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001757 hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r');
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001758
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001759 msg->sol = ptr;
1760 if (likely(*ptr == '\r'))
1761 EAT_AND_JUMP_OR_RETURN(http_msg_rqline_end, HTTP_MSG_RQLINE_END);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001762 goto http_msg_rqline_end;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001763
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001764 case HTTP_MSG_RQLINE_END:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001765 http_msg_rqline_end:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001766 /* check for HTTP/0.9 request : no version information available.
1767 * msg->sol must point to the first of CR or LF.
1768 */
1769 if (unlikely(msg->sl.rq.v_l == 0))
1770 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001771
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001772 EXPECT_LF_HERE(ptr, http_msg_invalid);
1773 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_first, HTTP_MSG_HDR_FIRST);
Willy Tarreau8973c702007-01-21 23:58:29 +01001774 /* stop here */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001775
Willy Tarreau8973c702007-01-21 23:58:29 +01001776 /*
1777 * Common states below
1778 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001779 case HTTP_MSG_HDR_FIRST:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001780 http_msg_hdr_first:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001781 msg->sol = ptr;
1782 if (likely(!HTTP_IS_CRLF(*ptr))) {
1783 goto http_msg_hdr_name;
1784 }
1785
1786 if (likely(*ptr == '\r'))
1787 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1788 goto http_msg_last_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001789
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001790 case HTTP_MSG_HDR_NAME:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001791 http_msg_hdr_name:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001792 /* assumes msg->sol points to the first char */
1793 if (likely(HTTP_IS_TOKEN(*ptr)))
1794 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau58f10d72006-12-04 02:26:12 +01001795
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001796 if (likely(*ptr == ':')) {
1797 msg->col = ptr - buf->data;
1798 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
1799 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01001800
Willy Tarreau32a4ec02009-04-02 11:35:18 +02001801 if (likely(msg->err_pos < -1) || *ptr == '\n')
1802 goto http_msg_invalid;
1803
1804 if (msg->err_pos == -1) /* capture error pointer */
1805 msg->err_pos = ptr - buf->data; /* >= 0 now */
1806
1807 /* and we still accept this non-token character */
1808 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_name, HTTP_MSG_HDR_NAME);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001809
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001810 case HTTP_MSG_HDR_L1_SP:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001811 http_msg_hdr_l1_sp:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001812 /* assumes msg->sol points to the first char and msg->col to the colon */
1813 if (likely(HTTP_IS_SPHT(*ptr)))
1814 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_sp, HTTP_MSG_HDR_L1_SP);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001815
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001816 /* header value can be basically anything except CR/LF */
1817 msg->sov = ptr - buf->data;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001818
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001819 if (likely(!HTTP_IS_CRLF(*ptr))) {
1820 goto http_msg_hdr_val;
1821 }
1822
1823 if (likely(*ptr == '\r'))
1824 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lf, HTTP_MSG_HDR_L1_LF);
1825 goto http_msg_hdr_l1_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001826
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001827 case HTTP_MSG_HDR_L1_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001828 http_msg_hdr_l1_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001829 EXPECT_LF_HERE(ptr, http_msg_invalid);
1830 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l1_lws, HTTP_MSG_HDR_L1_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001831
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001832 case HTTP_MSG_HDR_L1_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001833 http_msg_hdr_l1_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001834 if (likely(HTTP_IS_SPHT(*ptr))) {
1835 /* replace HT,CR,LF with spaces */
1836 for (; buf->data+msg->sov < ptr; msg->sov++)
1837 buf->data[msg->sov] = ' ';
1838 goto http_msg_hdr_l1_sp;
1839 }
Willy Tarreauaa9dce32007-03-18 23:50:16 +01001840 /* we had a header consisting only in spaces ! */
1841 msg->eol = buf->data + msg->sov;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001842 goto http_msg_complete_header;
1843
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001844 case HTTP_MSG_HDR_VAL:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001845 http_msg_hdr_val:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001846 /* assumes msg->sol points to the first char, msg->col to the
1847 * colon, and msg->sov points to the first character of the
1848 * value.
1849 */
1850 if (likely(!HTTP_IS_CRLF(*ptr)))
1851 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_val, HTTP_MSG_HDR_VAL);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001852
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001853 msg->eol = ptr;
1854 /* Note: we could also copy eol into ->eoh so that we have the
1855 * real header end in case it ends with lots of LWS, but is this
1856 * really needed ?
1857 */
1858 if (likely(*ptr == '\r'))
1859 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lf, HTTP_MSG_HDR_L2_LF);
1860 goto http_msg_hdr_l2_lf;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001861
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001862 case HTTP_MSG_HDR_L2_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001863 http_msg_hdr_l2_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001864 EXPECT_LF_HERE(ptr, http_msg_invalid);
1865 EAT_AND_JUMP_OR_RETURN(http_msg_hdr_l2_lws, HTTP_MSG_HDR_L2_LWS);
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001866
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001867 case HTTP_MSG_HDR_L2_LWS:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001868 http_msg_hdr_l2_lws:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001869 if (unlikely(HTTP_IS_SPHT(*ptr))) {
1870 /* LWS: replace HT,CR,LF with spaces */
1871 for (; msg->eol < ptr; msg->eol++)
1872 *msg->eol = ' ';
1873 goto http_msg_hdr_val;
1874 }
1875 http_msg_complete_header:
1876 /*
1877 * It was a new header, so the last one is finished.
1878 * Assumes msg->sol points to the first char, msg->col to the
1879 * colon, msg->sov points to the first character of the value
1880 * and msg->eol to the first CR or LF so we know how the line
1881 * ends. We insert last header into the index.
1882 */
1883 /*
1884 fprintf(stderr,"registering %-2d bytes : ", msg->eol - msg->sol);
1885 write(2, msg->sol, msg->eol-msg->sol);
1886 fprintf(stderr,"\n");
1887 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01001888
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001889 if (unlikely(hdr_idx_add(msg->eol - msg->sol, *msg->eol == '\r',
1890 idx, idx->tail) < 0))
1891 goto http_msg_invalid;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001892
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001893 msg->sol = ptr;
1894 if (likely(!HTTP_IS_CRLF(*ptr))) {
1895 goto http_msg_hdr_name;
1896 }
1897
1898 if (likely(*ptr == '\r'))
1899 EAT_AND_JUMP_OR_RETURN(http_msg_last_lf, HTTP_MSG_LAST_LF);
1900 goto http_msg_last_lf;
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001901
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001902 case HTTP_MSG_LAST_LF:
Willy Tarreaue3f284a2010-09-28 19:42:42 +02001903 http_msg_last_lf:
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001904 /* Assumes msg->sol points to the first of either CR or LF */
1905 EXPECT_LF_HERE(ptr, http_msg_invalid);
1906 ptr++;
1907 buf->lr = ptr;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001908 msg->col = msg->sov = buf->lr - buf->data;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001909 msg->eoh = msg->sol - buf->data;
Willy Tarreau962c3f42010-01-10 00:15:35 +01001910 msg->sol = buf->data + msg->som;
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001911 msg->msg_state = HTTP_MSG_BODY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001912 return;
1913#ifdef DEBUG_FULL
1914 default:
1915 fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state);
1916 exit(1);
Willy Tarreau230fd0b2006-12-17 12:05:00 +01001917#endif
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001918 }
1919 http_msg_ood:
1920 /* out of data */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001921 msg->msg_state = state;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001922 buf->lr = ptr;
1923 return;
Willy Tarreau58f10d72006-12-04 02:26:12 +01001924
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001925 http_msg_invalid:
1926 /* invalid message */
Willy Tarreaub326fcc2007-03-03 13:54:32 +01001927 msg->msg_state = HTTP_MSG_ERROR;
Willy Tarreau7552c032009-03-01 11:10:40 +01001928 buf->lr = ptr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01001929 return;
1930}
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01001931
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001932/* convert an HTTP/0.9 request into an HTTP/1.0 request. Returns 1 if the
1933 * conversion succeeded, 0 in case of error. If the request was already 1.X,
1934 * nothing is done and 1 is returned.
1935 */
1936static int http_upgrade_v09_to_v10(struct buffer *req, struct http_msg *msg, struct http_txn *txn)
1937{
1938 int delta;
1939 char *cur_end;
1940
1941 if (msg->sl.rq.v_l != 0)
1942 return 1;
1943
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001944 cur_end = msg->sol + msg->sl.rq.l;
1945 delta = 0;
1946
1947 if (msg->sl.rq.u_l == 0) {
1948 /* if no URI was set, add "/" */
1949 delta = buffer_replace2(req, cur_end, cur_end, " /", 2);
1950 cur_end += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01001951 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001952 }
1953 /* add HTTP version */
1954 delta = buffer_replace2(req, cur_end, cur_end, " HTTP/1.0\r\n", 11);
Willy Tarreaufa355d42009-11-29 18:12:29 +01001955 http_msg_move_end(msg, delta);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02001956 cur_end += delta;
1957 cur_end = (char *)http_parse_reqline(msg, req->data,
1958 HTTP_MSG_RQMETH,
1959 msg->sol, cur_end + 1,
1960 NULL, NULL);
1961 if (unlikely(!cur_end))
1962 return 0;
1963
1964 /* we have a full HTTP/1.0 request now and we know that
1965 * we have either a CR or an LF at <ptr>.
1966 */
1967 hdr_idx_set_start(&txn->hdr_idx, msg->sl.rq.l, *cur_end == '\r');
1968 return 1;
1969}
1970
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001971/* Parse the Connection: header of an HTTP request, looking for both "close"
1972 * and "keep-alive" values. If a buffer is provided and we already know that
1973 * some headers may safely be removed, we remove them now. The <to_del> flags
1974 * are used for that :
1975 * - bit 0 means remove "close" headers (in HTTP/1.0 requests/responses)
1976 * - bit 1 means remove "keep-alive" headers (in HTTP/1.1 reqs/resp to 1.1).
1977 * The TX_HDR_CONN_* flags are adjusted in txn->flags depending on what was
1978 * found, and TX_CON_*_SET is adjusted depending on what is left so only
1979 * harmless combinations may be removed. Do not call that after changes have
1980 * been processed. If unused, the buffer can be NULL, and no data will be
1981 * changed.
Willy Tarreau5b154472009-12-21 20:11:07 +01001982 */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001983void http_parse_connection_header(struct http_txn *txn, struct http_msg *msg, struct buffer *buf, int to_del)
Willy Tarreau5b154472009-12-21 20:11:07 +01001984{
Willy Tarreau5b154472009-12-21 20:11:07 +01001985 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01001986 const char *hdr_val = "Connection";
1987 int hdr_len = 10;
Willy Tarreau5b154472009-12-21 20:11:07 +01001988
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001989 if (txn->flags & TX_HDR_CONN_PRS)
Willy Tarreau5b154472009-12-21 20:11:07 +01001990 return;
1991
Willy Tarreau88d349d2010-01-25 12:15:43 +01001992 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
1993 hdr_val = "Proxy-Connection";
1994 hdr_len = 16;
1995 }
1996
Willy Tarreau5b154472009-12-21 20:11:07 +01001997 ctx.idx = 0;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01001998 txn->flags &= ~(TX_CON_KAL_SET|TX_CON_CLO_SET);
Willy Tarreau88d349d2010-01-25 12:15:43 +01001999 while (http_find_header2(hdr_val, hdr_len, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002000 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
2001 txn->flags |= TX_HDR_CONN_KAL;
2002 if ((to_del & 2) && buf)
2003 http_remove_header2(msg, buf, &txn->hdr_idx, &ctx);
2004 else
2005 txn->flags |= TX_CON_KAL_SET;
2006 }
2007 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
2008 txn->flags |= TX_HDR_CONN_CLO;
2009 if ((to_del & 1) && buf)
2010 http_remove_header2(msg, buf, &txn->hdr_idx, &ctx);
2011 else
2012 txn->flags |= TX_CON_CLO_SET;
2013 }
Willy Tarreau5b154472009-12-21 20:11:07 +01002014 }
2015
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002016 txn->flags |= TX_HDR_CONN_PRS;
2017 return;
2018}
Willy Tarreau5b154472009-12-21 20:11:07 +01002019
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002020/* Apply desired changes on the Connection: header. Values may be removed and/or
2021 * added depending on the <wanted> flags, which are exclusively composed of
2022 * TX_CON_CLO_SET and TX_CON_KAL_SET, depending on what flags are desired. The
2023 * TX_CON_*_SET flags are adjusted in txn->flags depending on what is left.
2024 */
2025void http_change_connection_header(struct http_txn *txn, struct http_msg *msg, struct buffer *buf, int wanted)
2026{
2027 struct hdr_ctx ctx;
Willy Tarreau88d349d2010-01-25 12:15:43 +01002028 const char *hdr_val = "Connection";
2029 int hdr_len = 10;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002030
2031 ctx.idx = 0;
2032
Willy Tarreau88d349d2010-01-25 12:15:43 +01002033
2034 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
2035 hdr_val = "Proxy-Connection";
2036 hdr_len = 16;
2037 }
2038
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002039 txn->flags &= ~(TX_CON_CLO_SET | TX_CON_KAL_SET);
Willy Tarreau88d349d2010-01-25 12:15:43 +01002040 while (http_find_header2(hdr_val, hdr_len, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002041 if (ctx.vlen >= 10 && word_match(ctx.line + ctx.val, ctx.vlen, "keep-alive", 10)) {
2042 if (wanted & TX_CON_KAL_SET)
2043 txn->flags |= TX_CON_KAL_SET;
2044 else
2045 http_remove_header2(msg, buf, &txn->hdr_idx, &ctx);
Willy Tarreau5b154472009-12-21 20:11:07 +01002046 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002047 else if (ctx.vlen >= 5 && word_match(ctx.line + ctx.val, ctx.vlen, "close", 5)) {
2048 if (wanted & TX_CON_CLO_SET)
2049 txn->flags |= TX_CON_CLO_SET;
2050 else
2051 http_remove_header2(msg, buf, &txn->hdr_idx, &ctx);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01002052 }
Willy Tarreau5b154472009-12-21 20:11:07 +01002053 }
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002054
2055 if (wanted == (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
2056 return;
2057
2058 if ((wanted & TX_CON_CLO_SET) && !(txn->flags & TX_CON_CLO_SET)) {
2059 txn->flags |= TX_CON_CLO_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01002060 hdr_val = "Connection: close";
2061 hdr_len = 17;
2062 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
2063 hdr_val = "Proxy-Connection: close";
2064 hdr_len = 23;
2065 }
2066 http_header_add_tail2(buf, msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002067 }
2068
2069 if ((wanted & TX_CON_KAL_SET) && !(txn->flags & TX_CON_KAL_SET)) {
2070 txn->flags |= TX_CON_KAL_SET;
Willy Tarreau88d349d2010-01-25 12:15:43 +01002071 hdr_val = "Connection: keep-alive";
2072 hdr_len = 22;
2073 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
2074 hdr_val = "Proxy-Connection: keep-alive";
2075 hdr_len = 28;
2076 }
2077 http_header_add_tail2(buf, msg, &txn->hdr_idx, hdr_val, hdr_len);
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002078 }
2079 return;
Willy Tarreau5b154472009-12-21 20:11:07 +01002080}
2081
Willy Tarreaud98cf932009-12-27 22:54:55 +01002082/* Parse the chunk size at buf->lr. Once done, it adjusts ->lr to point to the
2083 * first byte of body, and increments msg->sov by the number of bytes parsed,
2084 * so that we know we can forward between ->som and ->sov. Note that due to
2085 * possible wrapping at the end of the buffer, it is possible that msg->sov is
2086 * lower than msg->som.
Willy Tarreau115acb92009-12-26 13:56:06 +01002087 * Return >0 on success, 0 when some data is missing, <0 on error.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002088 * Note: this function is designed to parse wrapped CRLF at the end of the buffer.
Willy Tarreau115acb92009-12-26 13:56:06 +01002089 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01002090int http_parse_chunk_size(struct buffer *buf, struct http_msg *msg)
Willy Tarreau115acb92009-12-26 13:56:06 +01002091{
Willy Tarreaud98cf932009-12-27 22:54:55 +01002092 char *ptr = buf->lr;
2093 char *end = buf->data + buf->size;
Willy Tarreau115acb92009-12-26 13:56:06 +01002094 unsigned int chunk = 0;
2095
2096 /* The chunk size is in the following form, though we are only
2097 * interested in the size and CRLF :
2098 * 1*HEXDIGIT *WSP *[ ';' extensions ] CRLF
2099 */
2100 while (1) {
2101 int c;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002102 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01002103 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002104 c = hex2i(*ptr);
Willy Tarreau115acb92009-12-26 13:56:06 +01002105 if (c < 0) /* not a hex digit anymore */
2106 break;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002107 if (++ptr >= end)
2108 ptr = buf->data;
Willy Tarreau115acb92009-12-26 13:56:06 +01002109 if (chunk & 0xF000000) /* overflow will occur */
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002110 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01002111 chunk = (chunk << 4) + c;
2112 }
2113
Willy Tarreaud98cf932009-12-27 22:54:55 +01002114 /* empty size not allowed */
2115 if (ptr == buf->lr)
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002116 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002117
2118 while (http_is_spht[(unsigned char)*ptr]) {
2119 if (++ptr >= end)
2120 ptr = buf->data;
2121 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01002122 return 0;
Willy Tarreau115acb92009-12-26 13:56:06 +01002123 }
2124
Willy Tarreaud98cf932009-12-27 22:54:55 +01002125 /* Up to there, we know that at least one byte is present at *ptr. Check
2126 * for the end of chunk size.
2127 */
2128 while (1) {
2129 if (likely(HTTP_IS_CRLF(*ptr))) {
2130 /* we now have a CR or an LF at ptr */
2131 if (likely(*ptr == '\r')) {
2132 if (++ptr >= end)
2133 ptr = buf->data;
2134 if (ptr == buf->r)
2135 return 0;
2136 }
Willy Tarreau115acb92009-12-26 13:56:06 +01002137
Willy Tarreaud98cf932009-12-27 22:54:55 +01002138 if (*ptr != '\n')
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002139 goto error;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002140 if (++ptr >= end)
2141 ptr = buf->data;
2142 /* done */
2143 break;
2144 }
2145 else if (*ptr == ';') {
2146 /* chunk extension, ends at next CRLF */
2147 if (++ptr >= end)
2148 ptr = buf->data;
2149 if (ptr == buf->r)
Willy Tarreau115acb92009-12-26 13:56:06 +01002150 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002151
2152 while (!HTTP_IS_CRLF(*ptr)) {
2153 if (++ptr >= end)
2154 ptr = buf->data;
2155 if (ptr == buf->r)
2156 return 0;
2157 }
2158 /* we have a CRLF now, loop above */
2159 continue;
Willy Tarreau115acb92009-12-26 13:56:06 +01002160 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002161 else
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002162 goto error;
Willy Tarreau115acb92009-12-26 13:56:06 +01002163 }
2164
Willy Tarreaud98cf932009-12-27 22:54:55 +01002165 /* OK we found our CRLF and now <ptr> points to the next byte,
2166 * which may or may not be present. We save that into ->lr and
2167 * ->sov.
Willy Tarreau115acb92009-12-26 13:56:06 +01002168 */
Willy Tarreaud98cf932009-12-27 22:54:55 +01002169 msg->sov += ptr - buf->lr;
2170 buf->lr = ptr;
Willy Tarreau124d9912011-03-01 20:30:48 +01002171 msg->chunk_len = chunk;
2172 msg->body_len += chunk;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002173 msg->msg_state = chunk ? HTTP_MSG_DATA : HTTP_MSG_TRAILERS;
Willy Tarreau115acb92009-12-26 13:56:06 +01002174 return 1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002175 error:
2176 msg->err_pos = ptr - buf->data;
2177 return -1;
Willy Tarreau115acb92009-12-26 13:56:06 +01002178}
2179
Willy Tarreaud98cf932009-12-27 22:54:55 +01002180/* This function skips trailers in the buffer <buf> associated with HTTP
2181 * message <msg>. The first visited position is buf->lr. If the end of
2182 * the trailers is found, it is automatically scheduled to be forwarded,
2183 * msg->msg_state switches to HTTP_MSG_DONE, and the function returns >0.
2184 * If not enough data are available, the function does not change anything
Willy Tarreau638cd022010-01-03 07:42:04 +01002185 * except maybe buf->lr and msg->sov if it could parse some lines, and returns
2186 * zero. If a parse error is encountered, the function returns < 0 and does not
2187 * change anything except maybe buf->lr and msg->sov. Note that the message
2188 * must already be in HTTP_MSG_TRAILERS state before calling this function,
2189 * which implies that all non-trailers data have already been scheduled for
2190 * forwarding, and that the difference between msg->som and msg->sov exactly
2191 * matches the length of trailers already parsed and not forwarded. It is also
2192 * important to note that this function is designed to be able to parse wrapped
2193 * headers at end of buffer.
Willy Tarreaud98cf932009-12-27 22:54:55 +01002194 */
2195int http_forward_trailers(struct buffer *buf, struct http_msg *msg)
2196{
2197 /* we have buf->lr which points to next line. Look for CRLF. */
2198 while (1) {
2199 char *p1 = NULL, *p2 = NULL;
2200 char *ptr = buf->lr;
Willy Tarreau638cd022010-01-03 07:42:04 +01002201 int bytes;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002202
2203 /* scan current line and stop at LF or CRLF */
2204 while (1) {
2205 if (ptr == buf->r)
2206 return 0;
2207
2208 if (*ptr == '\n') {
2209 if (!p1)
2210 p1 = ptr;
2211 p2 = ptr;
2212 break;
2213 }
2214
2215 if (*ptr == '\r') {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002216 if (p1) {
2217 msg->err_pos = ptr - buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002218 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002219 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002220 p1 = ptr;
2221 }
2222
2223 ptr++;
2224 if (ptr >= buf->data + buf->size)
2225 ptr = buf->data;
2226 }
2227
2228 /* after LF; point to beginning of next line */
2229 p2++;
2230 if (p2 >= buf->data + buf->size)
2231 p2 = buf->data;
2232
Willy Tarreau638cd022010-01-03 07:42:04 +01002233 bytes = p2 - buf->lr;
2234 if (bytes < 0)
2235 bytes += buf->size;
2236
2237 /* schedule this line for forwarding */
2238 msg->sov += bytes;
2239 if (msg->sov >= buf->size)
2240 msg->sov -= buf->size;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002241
Willy Tarreau638cd022010-01-03 07:42:04 +01002242 if (p1 == buf->lr) {
2243 /* LF/CRLF at beginning of line => end of trailers at p2.
2244 * Everything was scheduled for forwarding, there's nothing
2245 * left from this message.
Willy Tarreau5523b322009-12-29 12:05:52 +01002246 */
Willy Tarreau638cd022010-01-03 07:42:04 +01002247 buf->lr = p2;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002248 msg->msg_state = HTTP_MSG_DONE;
2249 return 1;
2250 }
2251 /* OK, next line then */
2252 buf->lr = p2;
2253 }
2254}
2255
2256/* This function may be called only in HTTP_MSG_DATA_CRLF. It reads the CRLF or
2257 * a possible LF alone at the end of a chunk. It automatically adjusts msg->sov,
2258 * ->som, buf->lr in order to include this part into the next forwarding phase.
2259 * It also sets msg_state to HTTP_MSG_CHUNK_SIZE and returns >0 on success. If
2260 * not enough data are available, the function does not change anything and
2261 * returns zero. If a parse error is encountered, the function returns < 0 and
2262 * does not change anything. Note: this function is designed to parse wrapped
2263 * CRLF at the end of the buffer.
2264 */
2265int http_skip_chunk_crlf(struct buffer *buf, struct http_msg *msg)
2266{
2267 char *ptr;
2268 int bytes;
2269
2270 /* NB: we'll check data availabilty at the end. It's not a
2271 * problem because whatever we match first will be checked
2272 * against the correct length.
2273 */
2274 bytes = 1;
2275 ptr = buf->lr;
2276 if (*ptr == '\r') {
2277 bytes++;
2278 ptr++;
2279 if (ptr >= buf->data + buf->size)
2280 ptr = buf->data;
2281 }
2282
Willy Tarreaubf3f1de2010-03-17 15:54:24 +01002283 if (bytes > buf->l - buf->send_max)
Willy Tarreaud98cf932009-12-27 22:54:55 +01002284 return 0;
2285
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002286 if (*ptr != '\n') {
2287 msg->err_pos = ptr - buf->data;
Willy Tarreaud98cf932009-12-27 22:54:55 +01002288 return -1;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01002289 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01002290
2291 ptr++;
2292 if (ptr >= buf->data + buf->size)
2293 ptr = buf->data;
2294 buf->lr = ptr;
2295 /* prepare the CRLF to be forwarded. msg->som may be before data but we don't care */
2296 msg->sov = ptr - buf->data;
2297 msg->som = msg->sov - bytes;
2298 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
2299 return 1;
2300}
Willy Tarreau5b154472009-12-21 20:11:07 +01002301
Willy Tarreau83e3af02009-12-28 17:39:57 +01002302void http_buffer_heavy_realign(struct buffer *buf, struct http_msg *msg)
2303{
2304 char *end = buf->data + buf->size;
2305 int off = buf->data + buf->size - buf->w;
2306
2307 /* two possible cases :
2308 * - the buffer is in one contiguous block, we move it in-place
Willy Tarreau8096de92010-02-26 11:12:27 +01002309 * - the buffer is in two blocks, we move it via the swap_buffer
Willy Tarreau83e3af02009-12-28 17:39:57 +01002310 */
2311 if (buf->l) {
Willy Tarreau8096de92010-02-26 11:12:27 +01002312 int block1 = buf->l;
2313 int block2 = 0;
2314 if (buf->r <= buf->w) {
Willy Tarreau83e3af02009-12-28 17:39:57 +01002315 /* non-contiguous block */
Willy Tarreau8096de92010-02-26 11:12:27 +01002316 block1 = buf->data + buf->size - buf->w;
2317 block2 = buf->r - buf->data;
2318 }
2319 if (block2)
2320 memcpy(swap_buffer, buf->data, block2);
2321 memmove(buf->data, buf->w, block1);
2322 if (block2)
2323 memcpy(buf->data + block1, swap_buffer, block2);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002324 }
2325
2326 /* adjust all known pointers */
2327 buf->w = buf->data;
2328 buf->lr += off; if (buf->lr >= end) buf->lr -= buf->size;
2329 buf->r += off; if (buf->r >= end) buf->r -= buf->size;
2330 msg->sol += off; if (msg->sol >= end) msg->sol -= buf->size;
2331 msg->eol += off; if (msg->eol >= end) msg->eol -= buf->size;
2332
2333 /* adjust relative pointers */
2334 msg->som = 0;
2335 msg->eoh += off; if (msg->eoh >= buf->size) msg->eoh -= buf->size;
2336 msg->col += off; if (msg->col >= buf->size) msg->col -= buf->size;
2337 msg->sov += off; if (msg->sov >= buf->size) msg->sov -= buf->size;
2338
Willy Tarreau83e3af02009-12-28 17:39:57 +01002339 if (msg->err_pos >= 0) {
2340 msg->err_pos += off;
2341 if (msg->err_pos >= buf->size)
2342 msg->err_pos -= buf->size;
2343 }
2344
2345 buf->flags &= ~BF_FULL;
2346 if (buf->l >= buffer_max_len(buf))
2347 buf->flags |= BF_FULL;
2348}
2349
Willy Tarreaud787e662009-07-07 10:14:51 +02002350/* This stream analyser waits for a complete HTTP request. It returns 1 if the
2351 * processing can continue on next analysers, or zero if it either needs more
2352 * data or wants to immediately abort the request (eg: timeout, error, ...). It
2353 * is tied to AN_REQ_WAIT_HTTP and may may remove itself from s->req->analysers
2354 * when it has nothing left to do, and may remove any analyser when it wants to
2355 * abort.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002356 */
Willy Tarreau3a816292009-07-07 10:55:49 +02002357int http_wait_for_request(struct session *s, struct buffer *req, int an_bit)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002358{
Willy Tarreau59234e92008-11-30 23:51:27 +01002359 /*
2360 * We will parse the partial (or complete) lines.
2361 * We will check the request syntax, and also join multi-line
2362 * headers. An index of all the lines will be elaborated while
2363 * parsing.
2364 *
2365 * For the parsing, we use a 28 states FSM.
2366 *
2367 * Here is the information we currently have :
Willy Tarreauf073a832009-03-01 23:21:47 +01002368 * req->data + msg->som = beginning of request
Willy Tarreau83e3af02009-12-28 17:39:57 +01002369 * req->data + msg->eoh = end of processed headers / start of current one
2370 * msg->eol = end of current header or line (LF or CRLF)
Willy Tarreau59234e92008-11-30 23:51:27 +01002371 * req->lr = first non-visited byte
2372 * req->r = end of data
Willy Tarreaud787e662009-07-07 10:14:51 +02002373 *
2374 * At end of parsing, we may perform a capture of the error (if any), and
2375 * we will set a few fields (msg->sol, txn->meth, sn->flags/SN_REDIRECTABLE).
2376 * We also check for monitor-uri, logging, HTTP/0.9 to 1.0 conversion, and
2377 * finally headers capture.
Willy Tarreau59234e92008-11-30 23:51:27 +01002378 */
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002379
Willy Tarreau59234e92008-11-30 23:51:27 +01002380 int cur_idx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002381 int use_close_only;
Willy Tarreau59234e92008-11-30 23:51:27 +01002382 struct http_txn *txn = &s->txn;
2383 struct http_msg *msg = &txn->req;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002384 struct hdr_ctx ctx;
Willy Tarreau976f1ee2006-12-17 10:06:03 +01002385
Willy Tarreau6bf17362009-02-24 10:48:35 +01002386 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
2387 now_ms, __FUNCTION__,
2388 s,
2389 req,
2390 req->rex, req->wex,
2391 req->flags,
2392 req->l,
2393 req->analysers);
2394
Willy Tarreau52a0c602009-08-16 22:45:38 +02002395 /* we're speaking HTTP here, so let's speak HTTP to the client */
2396 s->srv_error = http_return_srv_error;
2397
Willy Tarreau83e3af02009-12-28 17:39:57 +01002398 /* There's a protected area at the end of the buffer for rewriting
2399 * purposes. We don't want to start to parse the request if the
2400 * protected area is affected, because we may have to move processed
2401 * data later, which is much more complicated.
2402 */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002403 if (req->l && msg->msg_state < HTTP_MSG_ERROR) {
Willy Tarreau065e8332010-01-08 00:30:20 +01002404 if ((txn->flags & TX_NOT_FIRST) &&
2405 unlikely((req->flags & BF_FULL) ||
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002406 req->r < req->lr ||
2407 req->r > req->data + req->size - global.tune.maxrewrite)) {
2408 if (req->send_max) {
Willy Tarreau64648412010-03-05 10:41:54 +01002409 if (req->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_WRITE_ERROR|BF_WRITE_TIMEOUT))
2410 goto failed_keep_alive;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002411 /* some data has still not left the buffer, wake us once that's done */
2412 buffer_dont_connect(req);
2413 req->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
2414 return 0;
2415 }
Willy Tarreau0499e352010-12-17 07:13:42 +01002416 if (req->r < req->lr || req->r > req->data + req->size - global.tune.maxrewrite)
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002417 http_buffer_heavy_realign(req, msg);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002418 }
2419
Willy Tarreau065e8332010-01-08 00:30:20 +01002420 /* Note that we have the same problem with the response ; we
2421 * may want to send a redirect, error or anything which requires
2422 * some spare space. So we'll ensure that we have at least
2423 * maxrewrite bytes available in the response buffer before
2424 * processing that one. This will only affect pipelined
2425 * keep-alive requests.
2426 */
2427 if ((txn->flags & TX_NOT_FIRST) &&
2428 unlikely((s->rep->flags & BF_FULL) ||
2429 s->rep->r < s->rep->lr ||
2430 s->rep->r > s->rep->data + s->rep->size - global.tune.maxrewrite)) {
2431 if (s->rep->send_max) {
Willy Tarreau64648412010-03-05 10:41:54 +01002432 if (s->rep->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_WRITE_ERROR|BF_WRITE_TIMEOUT))
2433 goto failed_keep_alive;
Willy Tarreau065e8332010-01-08 00:30:20 +01002434 /* don't let a connection request be initiated */
2435 buffer_dont_connect(req);
Willy Tarreauff7b5882010-01-22 14:41:29 +01002436 s->rep->flags &= ~BF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau0499e352010-12-17 07:13:42 +01002437 s->rep->analysers |= an_bit; /* wake us up once it changes */
Willy Tarreau065e8332010-01-08 00:30:20 +01002438 return 0;
2439 }
2440 }
2441
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01002442 if (likely(req->lr < req->r))
2443 http_msg_analyzer(req, msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01002444 }
2445
Willy Tarreau59234e92008-11-30 23:51:27 +01002446 /* 1: we might have to print this header in debug mode */
2447 if (unlikely((global.mode & MODE_DEBUG) &&
2448 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreauc3bfeeb2010-04-16 09:14:45 +02002449 msg->sol &&
Willy Tarreau655dce92009-11-08 13:10:58 +01002450 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreau59234e92008-11-30 23:51:27 +01002451 char *eol, *sol;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002452
Willy Tarreau663308b2010-06-07 14:06:08 +02002453 sol = req->data + msg->som;
Willy Tarreau59234e92008-11-30 23:51:27 +01002454 eol = sol + msg->sl.rq.l;
2455 debug_hdr("clireq", s, sol, eol);
Willy Tarreau45e73e32006-12-17 00:05:15 +01002456
Willy Tarreau59234e92008-11-30 23:51:27 +01002457 sol += hdr_idx_first_pos(&txn->hdr_idx);
2458 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01002459
Willy Tarreau59234e92008-11-30 23:51:27 +01002460 while (cur_idx) {
2461 eol = sol + txn->hdr_idx.v[cur_idx].len;
2462 debug_hdr("clihdr", s, sol, eol);
2463 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
2464 cur_idx = txn->hdr_idx.v[cur_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002465 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002466 }
2467
Willy Tarreau58f10d72006-12-04 02:26:12 +01002468
Willy Tarreau59234e92008-11-30 23:51:27 +01002469 /*
2470 * Now we quickly check if we have found a full valid request.
2471 * If not so, we check the FD and buffer states before leaving.
2472 * A full request is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01002473 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002474 * requests are checked first. When waiting for a second request
2475 * on a keep-alive session, if we encounter and error, close, t/o,
2476 * we note the error in the session flags but don't set any state.
2477 * Since the error will be noted there, it will not be counted by
2478 * process_session() as a frontend error.
Willy Tarreauda7ff642010-06-23 11:44:09 +02002479 * Last, we may increase some tracked counters' http request errors on
2480 * the cases that are deliberately the client's fault. For instance,
2481 * a timeout or connection reset is not counted as an error. However
2482 * a bad request is.
Willy Tarreau59234e92008-11-30 23:51:27 +01002483 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01002484
Willy Tarreau655dce92009-11-08 13:10:58 +01002485 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002486 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002487 * First, let's catch bad requests.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002488 */
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002489 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
Willy Tarreauda7ff642010-06-23 11:44:09 +02002490 session_inc_http_req_ctr(s);
2491 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002492 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002493 goto return_bad_req;
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002494 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002495
Willy Tarreau59234e92008-11-30 23:51:27 +01002496 /* 1: Since we are in header mode, if there's no space
2497 * left for headers, we won't be able to free more
2498 * later, so the session will never terminate. We
2499 * must terminate it now.
2500 */
2501 if (unlikely(req->flags & BF_FULL)) {
2502 /* FIXME: check if URI is set and return Status
2503 * 414 Request URI too long instead.
Willy Tarreau58f10d72006-12-04 02:26:12 +01002504 */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002505 session_inc_http_req_ctr(s);
2506 session_inc_http_err_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002507 proxy_inc_fe_req_ctr(s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002508 goto return_bad_req;
2509 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002510
Willy Tarreau59234e92008-11-30 23:51:27 +01002511 /* 2: have we encountered a read error ? */
2512 else if (req->flags & BF_READ_ERROR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002513 if (!(s->flags & SN_ERR_MASK))
2514 s->flags |= SN_ERR_CLICL;
2515
Willy Tarreaufcffa692010-01-10 14:21:19 +01002516 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002517 goto failed_keep_alive;
2518
Willy Tarreau59234e92008-11-30 23:51:27 +01002519 /* we cannot return any message on error */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002520 if (msg->err_pos >= 0) {
Willy Tarreau078272e2010-12-12 12:46:33 +01002521 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002522 session_inc_http_err_ctr(s);
2523 }
2524
Willy Tarreau59234e92008-11-30 23:51:27 +01002525 msg->msg_state = HTTP_MSG_ERROR;
2526 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002527
Willy Tarreauda7ff642010-06-23 11:44:09 +02002528 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002529 proxy_inc_fe_req_ctr(s->fe);
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002530 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002531 if (s->listener->counters)
2532 s->listener->counters->failed_req++;
2533
Willy Tarreau59234e92008-11-30 23:51:27 +01002534 if (!(s->flags & SN_FINST_MASK))
2535 s->flags |= SN_FINST_R;
2536 return 0;
2537 }
Willy Tarreauf9839bd2008-08-27 23:57:16 +02002538
Willy Tarreau59234e92008-11-30 23:51:27 +01002539 /* 3: has the read timeout expired ? */
2540 else if (req->flags & BF_READ_TIMEOUT || tick_is_expired(req->analyse_exp, now_ms)) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002541 if (!(s->flags & SN_ERR_MASK))
2542 s->flags |= SN_ERR_CLITO;
2543
Willy Tarreaufcffa692010-01-10 14:21:19 +01002544 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002545 goto failed_keep_alive;
2546
Willy Tarreau59234e92008-11-30 23:51:27 +01002547 /* read timeout : give up with an error message. */
Willy Tarreauda7ff642010-06-23 11:44:09 +02002548 if (msg->err_pos >= 0) {
Willy Tarreau078272e2010-12-12 12:46:33 +01002549 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreauda7ff642010-06-23 11:44:09 +02002550 session_inc_http_err_ctr(s);
2551 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002552 txn->status = 408;
2553 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_408));
2554 msg->msg_state = HTTP_MSG_ERROR;
2555 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002556
Willy Tarreauda7ff642010-06-23 11:44:09 +02002557 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002558 proxy_inc_fe_req_ctr(s->fe);
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002559 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002560 if (s->listener->counters)
2561 s->listener->counters->failed_req++;
2562
Willy Tarreau59234e92008-11-30 23:51:27 +01002563 if (!(s->flags & SN_FINST_MASK))
2564 s->flags |= SN_FINST_R;
2565 return 0;
2566 }
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02002567
Willy Tarreau59234e92008-11-30 23:51:27 +01002568 /* 4: have we encountered a close ? */
2569 else if (req->flags & BF_SHUTR) {
Willy Tarreaud3c343f2010-01-16 10:26:19 +01002570 if (!(s->flags & SN_ERR_MASK))
2571 s->flags |= SN_ERR_CLICL;
2572
Willy Tarreaufcffa692010-01-10 14:21:19 +01002573 if (txn->flags & TX_WAIT_NEXT_RQ)
Willy Tarreaub608feb2010-01-02 22:47:18 +01002574 goto failed_keep_alive;
2575
Willy Tarreau4076a152009-04-02 15:18:36 +02002576 if (msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01002577 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreau59234e92008-11-30 23:51:27 +01002578 txn->status = 400;
2579 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
2580 msg->msg_state = HTTP_MSG_ERROR;
2581 req->analysers = 0;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002582
Willy Tarreauda7ff642010-06-23 11:44:09 +02002583 session_inc_http_err_ctr(s);
2584 session_inc_http_req_ctr(s);
Willy Tarreau3e1b6d12010-03-04 23:02:38 +01002585 proxy_inc_fe_req_ctr(s->fe);
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002586 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002587 if (s->listener->counters)
2588 s->listener->counters->failed_req++;
2589
Willy Tarreau59234e92008-11-30 23:51:27 +01002590 if (!(s->flags & SN_FINST_MASK))
2591 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02002592 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002593 }
2594
Willy Tarreau520d95e2009-09-19 21:04:57 +02002595 buffer_dont_connect(req);
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002596 req->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
Willy Tarreauff7b5882010-01-22 14:41:29 +01002597 s->rep->flags &= ~BF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau1b194fe2009-03-21 21:10:04 +01002598
Willy Tarreaufcffa692010-01-10 14:21:19 +01002599 if ((msg->msg_state != HTTP_MSG_RQBEFORE) && (txn->flags & TX_WAIT_NEXT_RQ)) {
2600 /* If the client starts to talk, let's fall back to
2601 * request timeout processing.
2602 */
2603 txn->flags &= ~TX_WAIT_NEXT_RQ;
Willy Tarreaub16a5742010-01-10 14:46:16 +01002604 req->analyse_exp = TICK_ETERNITY;
Willy Tarreaufcffa692010-01-10 14:21:19 +01002605 }
2606
Willy Tarreau59234e92008-11-30 23:51:27 +01002607 /* just set the request timeout once at the beginning of the request */
Willy Tarreaub16a5742010-01-10 14:46:16 +01002608 if (!tick_isset(req->analyse_exp)) {
2609 if ((msg->msg_state == HTTP_MSG_RQBEFORE) &&
2610 (txn->flags & TX_WAIT_NEXT_RQ) &&
2611 tick_isset(s->be->timeout.httpka))
2612 req->analyse_exp = tick_add(now_ms, s->be->timeout.httpka);
2613 else
2614 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
2615 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002616
Willy Tarreau59234e92008-11-30 23:51:27 +01002617 /* we're not ready yet */
2618 return 0;
Willy Tarreaub608feb2010-01-02 22:47:18 +01002619
2620 failed_keep_alive:
2621 /* Here we process low-level errors for keep-alive requests. In
2622 * short, if the request is not the first one and it experiences
2623 * a timeout, read error or shutdown, we just silently close so
2624 * that the client can try again.
2625 */
2626 txn->status = 0;
2627 msg->msg_state = HTTP_MSG_RQBEFORE;
2628 req->analysers = 0;
2629 s->logs.logwait = 0;
Willy Tarreauff7b5882010-01-22 14:41:29 +01002630 s->rep->flags &= ~BF_EXPECT_MORE; /* speed up sending a previous response */
Willy Tarreau148d0992010-01-10 10:21:21 +01002631 stream_int_retnclose(req->prod, NULL);
Willy Tarreaub608feb2010-01-02 22:47:18 +01002632 return 0;
Willy Tarreau59234e92008-11-30 23:51:27 +01002633 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01002634
Willy Tarreaud787e662009-07-07 10:14:51 +02002635 /* OK now we have a complete HTTP request with indexed headers. Let's
2636 * complete the request parsing by setting a few fields we will need
Willy Tarreaufa355d42009-11-29 18:12:29 +01002637 * later. At this point, we have the last CRLF at req->data + msg->eoh.
2638 * If the request is in HTTP/0.9 form, the rule is still true, and eoh
2639 * points to the CRLF of the request line. req->lr points to the first
2640 * byte after the last LF. msg->col and msg->sov point to the first
2641 * byte of data. msg->eol cannot be trusted because it may have been
2642 * left uninitialized (for instance in the absence of headers).
Willy Tarreaud787e662009-07-07 10:14:51 +02002643 */
Willy Tarreau9cdde232007-05-02 20:58:19 +02002644
Willy Tarreauda7ff642010-06-23 11:44:09 +02002645 session_inc_http_req_ctr(s);
Willy Tarreaud9b587f2010-02-26 10:05:55 +01002646 proxy_inc_fe_req_ctr(s->fe); /* one more valid request for this FE */
2647
Willy Tarreaub16a5742010-01-10 14:46:16 +01002648 if (txn->flags & TX_WAIT_NEXT_RQ) {
2649 /* kill the pending keep-alive timeout */
2650 txn->flags &= ~TX_WAIT_NEXT_RQ;
2651 req->analyse_exp = TICK_ETERNITY;
2652 }
2653
2654
Willy Tarreaud787e662009-07-07 10:14:51 +02002655 /* Maybe we found in invalid header name while we were configured not
2656 * to block on that, so we have to capture it now.
2657 */
2658 if (unlikely(msg->err_pos >= 0))
Willy Tarreau078272e2010-12-12 12:46:33 +01002659 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02002660
Willy Tarreau59234e92008-11-30 23:51:27 +01002661 /*
2662 * 1: identify the method
2663 */
Willy Tarreau962c3f42010-01-10 00:15:35 +01002664 txn->meth = find_http_meth(msg->sol, msg->sl.rq.m_l);
Willy Tarreau59234e92008-11-30 23:51:27 +01002665
2666 /* we can make use of server redirect on GET and HEAD */
2667 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
2668 s->flags |= SN_REDIRECTABLE;
Willy Tarreaufa7e1022008-10-19 07:30:41 +02002669
Willy Tarreau59234e92008-11-30 23:51:27 +01002670 /*
2671 * 2: check if the URI matches the monitor_uri.
2672 * We have to do this for every request which gets in, because
2673 * the monitor-uri is defined by the frontend.
2674 */
2675 if (unlikely((s->fe->monitor_uri_len != 0) &&
2676 (s->fe->monitor_uri_len == msg->sl.rq.u_l) &&
Willy Tarreau962c3f42010-01-10 00:15:35 +01002677 !memcmp(msg->sol + msg->sl.rq.u,
Willy Tarreau59234e92008-11-30 23:51:27 +01002678 s->fe->monitor_uri,
2679 s->fe->monitor_uri_len))) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01002680 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01002681 * We have found the monitor URI
Willy Tarreau58f10d72006-12-04 02:26:12 +01002682 */
Willy Tarreau59234e92008-11-30 23:51:27 +01002683 struct acl_cond *cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002684
Willy Tarreau59234e92008-11-30 23:51:27 +01002685 s->flags |= SN_MONITOR;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002686
Willy Tarreau59234e92008-11-30 23:51:27 +01002687 /* Check if we want to fail this monitor request or not */
Willy Tarreaud787e662009-07-07 10:14:51 +02002688 list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
2689 int ret = acl_exec_cond(cond, s->fe, s, txn, ACL_DIR_REQ);
Willy Tarreau11382812008-07-09 16:18:21 +02002690
Willy Tarreau59234e92008-11-30 23:51:27 +01002691 ret = acl_pass(ret);
2692 if (cond->pol == ACL_COND_UNLESS)
2693 ret = !ret;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002694
Willy Tarreau59234e92008-11-30 23:51:27 +01002695 if (ret) {
2696 /* we fail this request, let's return 503 service unavail */
2697 txn->status = 503;
2698 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_503));
2699 goto return_prx_cond;
Willy Tarreaub80c2302007-11-30 20:51:32 +01002700 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002701 }
Willy Tarreaua5555ec2008-11-30 19:02:32 +01002702
Willy Tarreau59234e92008-11-30 23:51:27 +01002703 /* nothing to fail, let's reply normaly */
2704 txn->status = 200;
2705 stream_int_retnclose(req->prod, &http_200_chunk);
2706 goto return_prx_cond;
2707 }
2708
2709 /*
2710 * 3: Maybe we have to copy the original REQURI for the logs ?
2711 * Note: we cannot log anymore if the request has been
2712 * classified as invalid.
2713 */
2714 if (unlikely(s->logs.logwait & LW_REQ)) {
2715 /* we have a complete HTTP request that we must log */
2716 if ((txn->uri = pool_alloc2(pool2_requri)) != NULL) {
2717 int urilen = msg->sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002718
Willy Tarreau59234e92008-11-30 23:51:27 +01002719 if (urilen >= REQURI_LEN)
2720 urilen = REQURI_LEN - 1;
2721 memcpy(txn->uri, &req->data[msg->som], urilen);
2722 txn->uri[urilen] = 0;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002723
Willy Tarreau59234e92008-11-30 23:51:27 +01002724 if (!(s->logs.logwait &= ~LW_REQ))
2725 s->do_log(s);
2726 } else {
2727 Alert("HTTP logging : out of memory.\n");
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01002728 }
Willy Tarreau59234e92008-11-30 23:51:27 +01002729 }
Willy Tarreau06619262006-12-17 08:37:22 +01002730
Willy Tarreau59234e92008-11-30 23:51:27 +01002731 /* 4. We may have to convert HTTP/0.9 requests to HTTP/1.0 */
Willy Tarreau2492d5b2009-07-11 00:06:00 +02002732 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(req, msg, txn))
2733 goto return_bad_req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01002734
Willy Tarreau5b154472009-12-21 20:11:07 +01002735 /* ... and check if the request is HTTP/1.1 or above */
2736 if ((msg->sl.rq.v_l == 8) &&
Willy Tarreau962c3f42010-01-10 00:15:35 +01002737 ((msg->sol[msg->sl.rq.v + 5] > '1') ||
2738 ((msg->sol[msg->sl.rq.v + 5] == '1') &&
2739 (msg->sol[msg->sl.rq.v + 7] >= '1'))))
Willy Tarreau5b154472009-12-21 20:11:07 +01002740 txn->flags |= TX_REQ_VER_11;
2741
2742 /* "connection" has not been parsed yet */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01002743 txn->flags &= ~(TX_HDR_CONN_PRS | TX_HDR_CONN_CLO | TX_HDR_CONN_KAL);
Willy Tarreau5b154472009-12-21 20:11:07 +01002744
Willy Tarreau88d349d2010-01-25 12:15:43 +01002745 /* if the frontend has "option http-use-proxy-header", we'll check if
2746 * we have what looks like a proxied connection instead of a connection,
2747 * and in this case set the TX_USE_PX_CONN flag to use Proxy-connection.
2748 * Note that this is *not* RFC-compliant, however browsers and proxies
2749 * happen to do that despite being non-standard :-(
2750 * We consider that a request not beginning with either '/' or '*' is
2751 * a proxied connection, which covers both "scheme://location" and
2752 * CONNECT ip:port.
2753 */
2754 if ((s->fe->options2 & PR_O2_USE_PXHDR) &&
2755 msg->sol[msg->sl.rq.u] != '/' && msg->sol[msg->sl.rq.u] != '*')
2756 txn->flags |= TX_USE_PX_CONN;
2757
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002758 /* transfer length unknown*/
2759 txn->flags &= ~TX_REQ_XFER_LEN;
2760
Willy Tarreau59234e92008-11-30 23:51:27 +01002761 /* 5: we may need to capture headers */
2762 if (unlikely((s->logs.logwait & LW_REQHDR) && s->fe->req_cap))
Willy Tarreau962c3f42010-01-10 00:15:35 +01002763 capture_headers(msg->sol, &txn->hdr_idx,
Willy Tarreau59234e92008-11-30 23:51:27 +01002764 txn->req.cap, s->fe->req_cap);
Willy Tarreau11382812008-07-09 16:18:21 +02002765
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002766 /* 6: determine the transfer-length.
2767 * According to RFC2616 #4.4, amended by the HTTPbis working group,
2768 * the presence of a message-body in a REQUEST and its transfer length
2769 * must be determined that way (in order of precedence) :
2770 * 1. The presence of a message-body in a request is signaled by the
2771 * inclusion of a Content-Length or Transfer-Encoding header field
2772 * in the request's header fields. When a request message contains
2773 * both a message-body of non-zero length and a method that does
2774 * not define any semantics for that request message-body, then an
2775 * origin server SHOULD either ignore the message-body or respond
2776 * with an appropriate error message (e.g., 413). A proxy or
2777 * gateway, when presented the same request, SHOULD either forward
2778 * the request inbound with the message- body or ignore the
2779 * message-body when determining a response.
2780 *
2781 * 2. If a Transfer-Encoding header field (Section 9.7) is present
2782 * and the "chunked" transfer-coding (Section 6.2) is used, the
2783 * transfer-length is defined by the use of this transfer-coding.
2784 * If a Transfer-Encoding header field is present and the "chunked"
2785 * transfer-coding is not present, the transfer-length is defined
2786 * by the sender closing the connection.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002787 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002788 * 3. If a Content-Length header field is present, its decimal value in
2789 * OCTETs represents both the entity-length and the transfer-length.
2790 * If a message is received with both a Transfer-Encoding header
2791 * field and a Content-Length header field, the latter MUST be ignored.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002792 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002793 * 4. By the server closing the connection. (Closing the connection
2794 * cannot be used to indicate the end of a request body, since that
2795 * would leave no possibility for the server to send back a response.)
2796 *
2797 * Whenever a transfer-coding is applied to a message-body, the set of
2798 * transfer-codings MUST include "chunked", unless the message indicates
2799 * it is terminated by closing the connection. When the "chunked"
2800 * transfer-coding is used, it MUST be the last transfer-coding applied
2801 * to the message-body.
Willy Tarreau32b47f42009-10-18 20:55:02 +02002802 */
2803
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002804 use_close_only = 0;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002805 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002806 /* set TE_CHNK and XFER_LEN only if "chunked" is seen last */
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01002807 while ((txn->flags & TX_REQ_VER_11) &&
2808 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002809 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
2810 txn->flags |= (TX_REQ_TE_CHNK | TX_REQ_XFER_LEN);
2811 else if (txn->flags & TX_REQ_TE_CHNK) {
2812 /* bad transfer-encoding (chunked followed by something else) */
2813 use_close_only = 1;
2814 txn->flags &= ~(TX_REQ_TE_CHNK | TX_REQ_XFER_LEN);
2815 break;
2816 }
Willy Tarreau32b47f42009-10-18 20:55:02 +02002817 }
2818
Willy Tarreau32b47f42009-10-18 20:55:02 +02002819 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002820 while (!(txn->flags & TX_REQ_TE_CHNK) && !use_close_only &&
Willy Tarreau32b47f42009-10-18 20:55:02 +02002821 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx)) {
2822 signed long long cl;
2823
2824 if (!ctx.vlen)
2825 goto return_bad_req;
2826
2827 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl))
2828 goto return_bad_req; /* parse failure */
2829
2830 if (cl < 0)
2831 goto return_bad_req;
2832
Willy Tarreau124d9912011-03-01 20:30:48 +01002833 if ((txn->flags & TX_REQ_CNT_LEN) && (msg->chunk_len != cl))
Willy Tarreau32b47f42009-10-18 20:55:02 +02002834 goto return_bad_req; /* already specified, was different */
2835
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002836 txn->flags |= TX_REQ_CNT_LEN | TX_REQ_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01002837 msg->body_len = msg->chunk_len = cl;
Willy Tarreau32b47f42009-10-18 20:55:02 +02002838 }
2839
Willy Tarreaue8e785b2009-12-26 15:34:26 +01002840 /* bodyless requests have a known length */
2841 if (!use_close_only)
2842 txn->flags |= TX_REQ_XFER_LEN;
2843
Willy Tarreaud787e662009-07-07 10:14:51 +02002844 /* end of job, return OK */
Willy Tarreau3a816292009-07-07 10:55:49 +02002845 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02002846 req->analyse_exp = TICK_ETERNITY;
2847 return 1;
2848
2849 return_bad_req:
2850 /* We centralize bad requests processing here */
2851 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
2852 /* we detected a parsing error. We want to archive this request
2853 * in the dedicated proxy area for later troubleshooting.
2854 */
Willy Tarreau078272e2010-12-12 12:46:33 +01002855 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreaud787e662009-07-07 10:14:51 +02002856 }
2857
2858 txn->req.msg_state = HTTP_MSG_ERROR;
2859 txn->status = 400;
2860 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002861
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02002862 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02002863 if (s->listener->counters)
2864 s->listener->counters->failed_req++;
Willy Tarreaud787e662009-07-07 10:14:51 +02002865
2866 return_prx_cond:
2867 if (!(s->flags & SN_ERR_MASK))
2868 s->flags |= SN_ERR_PRXCOND;
2869 if (!(s->flags & SN_FINST_MASK))
2870 s->flags |= SN_FINST_R;
2871
2872 req->analysers = 0;
2873 req->analyse_exp = TICK_ETERNITY;
2874 return 0;
2875}
2876
Cyril Bonté70be45d2010-10-12 00:14:35 +02002877/* We reached the stats page through a POST request.
2878 * Parse the posted data and enable/disable servers if necessary.
Cyril Bonté23b39d92011-02-10 22:54:44 +01002879 * Returns 1 if request was parsed or zero if it needs more data.
Cyril Bonté70be45d2010-10-12 00:14:35 +02002880 */
Willy Tarreau295a8372011-03-10 11:25:07 +01002881int http_process_req_stat_post(struct stream_interface *si, struct http_txn *txn, struct buffer *req)
Cyril Bonté70be45d2010-10-12 00:14:35 +02002882{
Cyril Bonté70be45d2010-10-12 00:14:35 +02002883 struct proxy *px;
2884 struct server *sv;
2885
2886 char *backend = NULL;
2887 int action = 0;
2888
2889 char *first_param, *cur_param, *next_param, *end_params;
2890
2891 first_param = req->data + txn->req.eoh + 2;
Willy Tarreau124d9912011-03-01 20:30:48 +01002892 end_params = first_param + txn->req.body_len;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002893
2894 cur_param = next_param = end_params;
2895
Cyril Bonté23b39d92011-02-10 22:54:44 +01002896 if (end_params >= req->data + req->size - global.tune.maxrewrite) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002897 /* Prevent buffer overflow */
Willy Tarreau295a8372011-03-10 11:25:07 +01002898 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002899 return 1;
2900 }
2901 else if (end_params > req->data + req->l) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01002902 /* we need more data */
Willy Tarreau295a8372011-03-10 11:25:07 +01002903 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté23b39d92011-02-10 22:54:44 +01002904 return 0;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002905 }
2906
2907 *end_params = '\0';
2908
Willy Tarreau295a8372011-03-10 11:25:07 +01002909 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002910
2911 /*
2912 * Parse the parameters in reverse order to only store the last value.
2913 * From the html form, the backend and the action are at the end.
2914 */
2915 while (cur_param > first_param) {
2916 char *key, *value;
2917
2918 cur_param--;
2919 if ((*cur_param == '&') || (cur_param == first_param)) {
2920 /* Parse the key */
2921 key = cur_param;
2922 if (cur_param != first_param) {
2923 /* delimit the string for the next loop */
2924 *key++ = '\0';
2925 }
2926
2927 /* Parse the value */
2928 value = key;
2929 while (*value != '\0' && *value != '=') {
2930 value++;
2931 }
2932 if (*value == '=') {
2933 /* Ok, a value is found, we can mark the end of the key */
2934 *value++ = '\0';
2935 }
2936
2937 /* Now we can check the key to see what to do */
2938 if (!backend && strcmp(key, "b") == 0) {
2939 backend = value;
2940 }
2941 else if (!action && strcmp(key, "action") == 0) {
2942 if (strcmp(value, "disable") == 0) {
2943 action = 1;
2944 }
2945 else if (strcmp(value, "enable") == 0) {
2946 action = 2;
2947 } else {
2948 /* unknown action, no need to continue */
2949 break;
2950 }
2951 }
2952 else if (strcmp(key, "s") == 0) {
2953 if (backend && action && get_backend_server(backend, value, &px, &sv)) {
2954 switch (action) {
2955 case 1:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002956 if ((px->state != PR_STSTOPPED) && !(sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002957 /* Not already in maintenance, we can change the server state */
2958 sv->state |= SRV_MAINTAIN;
2959 set_server_down(sv);
Willy Tarreau295a8372011-03-10 11:25:07 +01002960 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002961 }
2962 break;
2963 case 2:
Cyril Bonté1e2a1702011-03-03 21:05:17 +01002964 if ((px->state != PR_STSTOPPED) && (sv->state & SRV_MAINTAIN)) {
Cyril Bonté70be45d2010-10-12 00:14:35 +02002965 /* Already in maintenance, we can change the server state */
2966 set_server_up(sv);
Willy Tarreau70461302010-10-22 14:39:02 +02002967 sv->health = sv->rise; /* up, but will fall down at first failure */
Willy Tarreau295a8372011-03-10 11:25:07 +01002968 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002969 }
2970 break;
2971 }
2972 }
2973 }
2974 next_param = cur_param;
2975 }
2976 }
Cyril Bonté23b39d92011-02-10 22:54:44 +01002977 return 1;
Cyril Bonté70be45d2010-10-12 00:14:35 +02002978}
2979
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002980/* This stream analyser runs all HTTP request processing which is common to
2981 * frontends and backends, which means blocking ACLs, filters, connection-close,
2982 * reqadd, stats and redirects. This is performed for the designated proxy.
Willy Tarreaud787e662009-07-07 10:14:51 +02002983 * It returns 1 if the processing can continue on next analysers, or zero if it
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002984 * either needs more data or wants to immediately abort the request (eg: deny,
2985 * error, ...).
Willy Tarreaud787e662009-07-07 10:14:51 +02002986 */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002987int http_process_req_common(struct session *s, struct buffer *req, int an_bit, struct proxy *px)
Willy Tarreaud787e662009-07-07 10:14:51 +02002988{
Willy Tarreaud787e662009-07-07 10:14:51 +02002989 struct http_txn *txn = &s->txn;
2990 struct http_msg *msg = &txn->req;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002991 struct acl_cond *cond;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01002992 struct req_acl_rule *req_acl, *req_acl_final = NULL;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02002993 struct redirect_rule *rule;
Willy Tarreauf4f04122010-01-28 18:10:50 +01002994 struct cond_wordlist *wl;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01002995 int del_ka, del_cl, do_stats;
Willy Tarreaud787e662009-07-07 10:14:51 +02002996
Willy Tarreau655dce92009-11-08 13:10:58 +01002997 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02002998 /* we need more data */
Willy Tarreau520d95e2009-09-19 21:04:57 +02002999 buffer_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003000 return 0;
3001 }
3002
Willy Tarreau3a816292009-07-07 10:55:49 +02003003 req->analysers &= ~an_bit;
Willy Tarreaud787e662009-07-07 10:14:51 +02003004 req->analyse_exp = TICK_ETERNITY;
3005
3006 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
3007 now_ms, __FUNCTION__,
3008 s,
3009 req,
3010 req->rex, req->wex,
3011 req->flags,
3012 req->l,
3013 req->analysers);
3014
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003015 /* first check whether we have some ACLs set to block this request */
3016 list_for_each_entry(cond, &px->block_cond, list) {
3017 int ret = acl_exec_cond(cond, px, s, txn, ACL_DIR_REQ);
Willy Tarreaub463dfb2008-06-07 23:08:56 +02003018
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003019 ret = acl_pass(ret);
3020 if (cond->pol == ACL_COND_UNLESS)
3021 ret = !ret;
Willy Tarreau53b6c742006-12-17 13:37:46 +01003022
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003023 if (ret) {
3024 txn->status = 403;
3025 /* let's log the request time */
3026 s->logs.tv_request = now;
3027 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003028 session_inc_http_err_ctr(s);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003029 goto return_prx_cond;
Willy Tarreau59234e92008-11-30 23:51:27 +01003030 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003031 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003032
Willy Tarreau295a8372011-03-10 11:25:07 +01003033 do_stats = stats_check_uri(s->rep->prod, txn, px);
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003034
3035 list_for_each_entry(req_acl, (do_stats?&px->uri_auth->req_acl:&px->req_acl), list) {
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003036 int ret = 1;
3037
3038 if (req_acl->action >= PR_REQ_ACL_ACT_MAX)
3039 continue;
3040
3041 /* check condition, but only if attached */
Krzysztof Olędzki711ad9e2010-02-01 12:36:53 +01003042 if (req_acl->cond) {
3043 ret = acl_exec_cond(req_acl->cond, px, s, txn, ACL_DIR_REQ);
3044 ret = acl_pass(ret);
Willy Tarreau51425942010-02-01 10:40:19 +01003045
Krzysztof Olędzki711ad9e2010-02-01 12:36:53 +01003046 if (req_acl->cond->pol == ACL_COND_UNLESS)
3047 ret = !ret;
3048 }
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003049
3050 if (ret) {
3051 req_acl_final = req_acl;
3052 break;
3053 }
3054 }
3055
3056 if (req_acl_final && req_acl_final->action == PR_REQ_ACL_ACT_DENY) {
3057 txn->status = 403;
3058 s->logs.tv_request = now;
3059 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003060 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003061 goto return_prx_cond;
3062 }
3063
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003064 /* try headers filters */
3065 if (px->req_exp != NULL) {
Willy Tarreau6c123b12010-01-28 20:22:06 +01003066 if (apply_filters_to_request(s, req, px) < 0)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003067 goto return_bad_req;
Willy Tarreau06619262006-12-17 08:37:22 +01003068
Willy Tarreau59234e92008-11-30 23:51:27 +01003069 /* has the request been denied ? */
3070 if (txn->flags & TX_CLDENY) {
3071 /* no need to go further */
3072 txn->status = 403;
3073 /* let's log the request time */
3074 s->logs.tv_request = now;
3075 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_403));
Willy Tarreauda7ff642010-06-23 11:44:09 +02003076 session_inc_http_err_ctr(s);
Willy Tarreau59234e92008-11-30 23:51:27 +01003077 goto return_prx_cond;
3078 }
Willy Tarreauc465fd72009-08-31 00:17:18 +02003079
3080 /* When a connection is tarpitted, we use the tarpit timeout,
3081 * which may be the same as the connect timeout if unspecified.
3082 * If unset, then set it to zero because we really want it to
3083 * eventually expire. We build the tarpit as an analyser.
3084 */
3085 if (txn->flags & TX_CLTARPIT) {
3086 buffer_erase(s->req);
3087 /* wipe the request out so that we can drop the connection early
3088 * if the client closes first.
3089 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003090 buffer_dont_connect(req);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003091 req->analysers = 0; /* remove switching rules etc... */
3092 req->analysers |= AN_REQ_HTTP_TARPIT;
3093 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.tarpit);
3094 if (!req->analyse_exp)
3095 req->analyse_exp = tick_add(now_ms, 0);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003096 session_inc_http_err_ctr(s);
Willy Tarreauc465fd72009-08-31 00:17:18 +02003097 return 1;
3098 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003099 }
Willy Tarreau06619262006-12-17 08:37:22 +01003100
Willy Tarreau5b154472009-12-21 20:11:07 +01003101 /* Until set to anything else, the connection mode is set as TUNNEL. It will
3102 * only change if both the request and the config reference something else.
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003103 * Option httpclose by itself does not set a mode, it remains a tunnel mode
3104 * in which headers are mangled. However, if another mode is set, it will
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003105 * affect it (eg: server-close/keep-alive + httpclose = close). Note that we
3106 * avoid to redo the same work if FE and BE have the same settings (common).
3107 * The method consists in checking if options changed between the two calls
3108 * (implying that either one is non-null, or one of them is non-null and we
3109 * are there for the first time.
Willy Tarreau42736642009-10-18 21:04:35 +02003110 */
Willy Tarreau5b154472009-12-21 20:11:07 +01003111
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003112 del_cl = del_ka = 0;
3113
Willy Tarreaudc008c52010-02-01 16:20:08 +01003114 if ((!(txn->flags & TX_HDR_CONN_PRS) &&
3115 (s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO))) ||
3116 ((s->fe->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)) !=
3117 (s->be->options & (PR_O_KEEPALIVE|PR_O_SERVER_CLO|PR_O_HTTP_CLOSE|PR_O_FORCE_CLO)))) {
Willy Tarreau5b154472009-12-21 20:11:07 +01003118 int tmp = TX_CON_WANT_TUN;
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003119
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003120 if ((s->fe->options|s->be->options) & PR_O_KEEPALIVE ||
3121 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreau5b154472009-12-21 20:11:07 +01003122 tmp = TX_CON_WANT_KAL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01003123 if ((s->fe->options|s->be->options) & PR_O_SERVER_CLO)
3124 tmp = TX_CON_WANT_SCL;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003125 if ((s->fe->options|s->be->options) & PR_O_FORCE_CLO)
Willy Tarreau5b154472009-12-21 20:11:07 +01003126 tmp = TX_CON_WANT_CLO;
3127
Willy Tarreau5b154472009-12-21 20:11:07 +01003128 if ((txn->flags & TX_CON_WANT_MSK) < tmp)
3129 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003130
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003131 if (!(txn->flags & TX_HDR_CONN_PRS)) {
3132 /* parse the Connection header and possibly clean it */
3133 int to_del = 0;
3134 if ((txn->flags & TX_REQ_VER_11) ||
Willy Tarreau8a8e1d92010-04-05 16:15:16 +02003135 ((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL &&
3136 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA)))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003137 to_del |= 2; /* remove "keep-alive" */
3138 if (!(txn->flags & TX_REQ_VER_11))
3139 to_del |= 1; /* remove "close" */
3140 http_parse_connection_header(txn, msg, req, to_del);
Willy Tarreau0dfdf192010-01-05 11:33:11 +01003141 }
Willy Tarreau5b154472009-12-21 20:11:07 +01003142
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003143 /* check if client or config asks for explicit close in KAL/SCL */
3144 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
3145 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) &&
3146 ((txn->flags & TX_HDR_CONN_CLO) || /* "connection: close" */
3147 (txn->flags & (TX_REQ_VER_11|TX_HDR_CONN_KAL)) == 0 || /* no "connection: k-a" in 1.0 */
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003148 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE) || /* httpclose+any = forceclose */
Willy Tarreauc3e8b252010-01-28 15:01:20 +01003149 !(txn->flags & TX_REQ_XFER_LEN) || /* no length known => close */
3150 s->fe->state == PR_STSTOPPED)) /* frontend is stopping */
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003151 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
3152 }
Willy Tarreau78599912009-10-17 20:12:21 +02003153
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003154 /* add request headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01003155 list_for_each_entry(wl, &px->req_add, list) {
Willy Tarreau8abd4cd2010-01-31 14:30:44 +01003156 if (wl->cond) {
3157 int ret = acl_exec_cond(wl->cond, px, s, txn, ACL_DIR_REQ);
3158 ret = acl_pass(ret);
3159 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
3160 ret = !ret;
3161 if (!ret)
3162 continue;
3163 }
3164
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01003165 if (unlikely(http_header_add_tail(req, &txn->req, &txn->hdr_idx, wl->s) < 0))
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003166 goto return_bad_req;
3167 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003168
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003169 if (req_acl_final && req_acl_final->action == PR_REQ_ACL_ACT_HTTP_AUTH) {
3170 struct chunk msg;
Willy Tarreau910ef302011-01-06 16:44:39 +01003171 char *realm = req_acl_final->http_auth.realm;
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003172
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003173 if (!realm)
3174 realm = do_stats?STATS_DEFAULT_REALM:px->id;
3175
Willy Tarreau844a7e72010-01-31 21:46:18 +01003176 sprintf(trash, (txn->flags & TX_USE_PX_CONN) ? HTTP_407_fmt : HTTP_401_fmt, realm);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003177 chunk_initlen(&msg, trash, sizeof(trash), strlen(trash));
3178 txn->status = 401;
3179 stream_int_retnclose(req->prod, &msg);
Willy Tarreauda7ff642010-06-23 11:44:09 +02003180 /* on 401 we still count one error, because normal browsing
3181 * won't significantly increase the counter but brute force
3182 * attempts will.
3183 */
3184 session_inc_http_err_ctr(s);
Krzysztof Piotr Oledzki59bb2182010-01-29 17:58:21 +01003185 goto return_prx_cond;
3186 }
3187
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003188 if (do_stats) {
Cyril Bonté474be412010-10-12 00:14:36 +02003189 struct stats_admin_rule *stats_admin_rule;
3190
3191 /* We need to provide stats for this request.
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003192 * FIXME!!! that one is rather dangerous, we want to
3193 * make it follow standard rules (eg: clear req->analysers).
3194 */
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003195
Cyril Bonté474be412010-10-12 00:14:36 +02003196 /* now check whether we have some admin rules for this request */
3197 list_for_each_entry(stats_admin_rule, &s->be->uri_auth->admin_rules, list) {
3198 int ret = 1;
3199
3200 if (stats_admin_rule->cond) {
3201 ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, ACL_DIR_REQ);
3202 ret = acl_pass(ret);
3203 if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
3204 ret = !ret;
3205 }
3206
3207 if (ret) {
3208 /* no rule, or the rule matches */
Willy Tarreau295a8372011-03-10 11:25:07 +01003209 s->rep->prod->applet.ctx.stats.flags |= STAT_ADMIN;
Cyril Bonté474be412010-10-12 00:14:36 +02003210 break;
3211 }
3212 }
3213
Cyril Bonté70be45d2010-10-12 00:14:35 +02003214 /* Was the status page requested with a POST ? */
3215 if (txn->meth == HTTP_METH_POST) {
Willy Tarreau295a8372011-03-10 11:25:07 +01003216 if (s->rep->prod->applet.ctx.stats.flags & STAT_ADMIN) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01003217 if (msg->msg_state < HTTP_MSG_100_SENT) {
3218 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3219 * send an HTTP/1.1 100 Continue intermediate response.
3220 */
3221 if (txn->flags & TX_REQ_VER_11) {
3222 struct hdr_ctx ctx;
3223 ctx.idx = 0;
3224 /* Expect is allowed in 1.1, look for it */
3225 if (http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx) &&
3226 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3227 buffer_write(s->rep, http_100_chunk.str, http_100_chunk.len);
3228 }
3229 }
3230 msg->msg_state = HTTP_MSG_100_SENT;
3231 s->logs.tv_request = now; /* update the request timer to reflect full request */
3232 }
Willy Tarreau295a8372011-03-10 11:25:07 +01003233 if (!http_process_req_stat_post(s->rep->prod, txn, req)) {
Cyril Bonté23b39d92011-02-10 22:54:44 +01003234 /* we need more data */
3235 req->analysers |= an_bit;
3236 buffer_dont_connect(req);
3237 return 0;
3238 }
Cyril Bonté474be412010-10-12 00:14:36 +02003239 } else {
Willy Tarreau295a8372011-03-10 11:25:07 +01003240 s->rep->prod->applet.ctx.stats.st_code = STAT_STATUS_DENY;
Cyril Bonté474be412010-10-12 00:14:36 +02003241 }
Cyril Bonté70be45d2010-10-12 00:14:35 +02003242 }
3243
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003244 s->logs.tv_request = now;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003245 s->task->nice = -32; /* small boost for HTTP statistics */
Willy Tarreaub24281b2011-02-13 13:16:36 +01003246 stream_int_register_handler(s->rep->prod, &http_stats_applet);
Willy Tarreaubc4af052011-02-13 13:25:14 +01003247 s->rep->prod->applet.private = s;
3248 s->rep->prod->applet.st0 = s->rep->prod->applet.st1 = 0;
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01003249 req->analysers = 0;
3250
3251 return 0;
3252
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003253 }
Willy Tarreaub2513902006-12-17 14:52:38 +01003254
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003255 /* check whether we have some ACLs set to redirect this request */
3256 list_for_each_entry(rule, &px->redirect_rules, list) {
Willy Tarreauf285f542010-01-03 20:03:03 +01003257 int ret = ACL_PAT_PASS;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003258
Willy Tarreauf285f542010-01-03 20:03:03 +01003259 if (rule->cond) {
3260 ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ);
3261 ret = acl_pass(ret);
3262 if (rule->cond->pol == ACL_COND_UNLESS)
3263 ret = !ret;
3264 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003265
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003266 if (ret) {
Willy Tarreau3bb9c232010-01-03 12:24:37 +01003267 struct chunk rdr = { .str = trash, .size = sizeof(trash), .len = 0 };
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003268 const char *msg_fmt;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003269
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003270 /* build redirect message */
3271 switch(rule->code) {
3272 case 303:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003273 msg_fmt = HTTP_303;
3274 break;
3275 case 301:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003276 msg_fmt = HTTP_301;
3277 break;
3278 case 302:
3279 default:
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003280 msg_fmt = HTTP_302;
3281 break;
3282 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003283
Willy Tarreau3bb9c232010-01-03 12:24:37 +01003284 if (unlikely(!chunk_strcpy(&rdr, msg_fmt)))
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003285 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003286
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003287 switch(rule->type) {
3288 case REDIRECT_TYPE_PREFIX: {
3289 const char *path;
3290 int pathlen;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003291
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003292 path = http_get_path(txn);
3293 /* build message using path */
3294 if (path) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01003295 pathlen = txn->req.sl.rq.u_l + (txn->req.sol + txn->req.sl.rq.u) - path;
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003296 if (rule->flags & REDIRECT_FLAG_DROP_QS) {
3297 int qs = 0;
3298 while (qs < pathlen) {
3299 if (path[qs] == '?') {
3300 pathlen = qs;
3301 break;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003302 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003303 qs++;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003304 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003305 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003306 } else {
3307 path = "/";
3308 pathlen = 1;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003309 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003310
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +02003311 if (rdr.len + rule->rdr_len + pathlen > rdr.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003312 goto return_bad_req;
3313
3314 /* add prefix. Note that if prefix == "/", we don't want to
3315 * add anything, otherwise it makes it hard for the user to
3316 * configure a self-redirection.
3317 */
3318 if (rule->rdr_len != 1 || *rule->rdr_str != '/') {
Willy Tarreau06b917c2009-07-06 16:34:52 +02003319 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
3320 rdr.len += rule->rdr_len;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003321 }
3322
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003323 /* add path */
3324 memcpy(rdr.str + rdr.len, path, pathlen);
3325 rdr.len += pathlen;
Willy Tarreau81e3b4f2010-01-10 00:42:19 +01003326
3327 /* append a slash at the end of the location is needed and missing */
3328 if (rdr.len && rdr.str[rdr.len - 1] != '/' &&
3329 (rule->flags & REDIRECT_FLAG_APPEND_SLASH)) {
3330 if (rdr.len > rdr.size - 5)
3331 goto return_bad_req;
3332 rdr.str[rdr.len] = '/';
3333 rdr.len++;
3334 }
3335
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003336 break;
3337 }
3338 case REDIRECT_TYPE_LOCATION:
3339 default:
Krzysztof Piotr Oledzki78abe612009-09-27 13:23:20 +02003340 if (rdr.len + rule->rdr_len > rdr.size - 4)
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003341 goto return_bad_req;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003342
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003343 /* add location */
3344 memcpy(rdr.str + rdr.len, rule->rdr_str, rule->rdr_len);
3345 rdr.len += rule->rdr_len;
3346 break;
3347 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003348
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003349 if (rule->cookie_len) {
3350 memcpy(rdr.str + rdr.len, "\r\nSet-Cookie: ", 14);
3351 rdr.len += 14;
3352 memcpy(rdr.str + rdr.len, rule->cookie_str, rule->cookie_len);
3353 rdr.len += rule->cookie_len;
3354 memcpy(rdr.str + rdr.len, "\r\n", 2);
3355 rdr.len += 2;
Willy Tarreau06b917c2009-07-06 16:34:52 +02003356 }
Willy Tarreau06b917c2009-07-06 16:34:52 +02003357
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003358 /* add end of headers and the keep-alive/close status.
3359 * We may choose to set keep-alive if the Location begins
3360 * with a slash, because the client will come back to the
3361 * same server.
3362 */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003363 txn->status = rule->code;
3364 /* let's log the request time */
3365 s->logs.tv_request = now;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003366
3367 if (rule->rdr_len >= 1 && *rule->rdr_str == '/' &&
3368 (txn->flags & TX_REQ_XFER_LEN) &&
Willy Tarreau124d9912011-03-01 20:30:48 +01003369 !(txn->flags & TX_REQ_TE_CHNK) && !txn->req.body_len &&
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003370 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL ||
3371 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL)) {
3372 /* keep-alive possible */
Willy Tarreau75661452010-01-10 10:35:01 +01003373 if (!(txn->flags & TX_REQ_VER_11)) {
Willy Tarreau88d349d2010-01-25 12:15:43 +01003374 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3375 memcpy(rdr.str + rdr.len, "\r\nProxy-Connection: keep-alive", 30);
3376 rdr.len += 30;
3377 } else {
3378 memcpy(rdr.str + rdr.len, "\r\nConnection: keep-alive", 24);
3379 rdr.len += 24;
3380 }
Willy Tarreau75661452010-01-10 10:35:01 +01003381 }
3382 memcpy(rdr.str + rdr.len, "\r\n\r\n", 4);
3383 rdr.len += 4;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003384 buffer_write(req->prod->ob, rdr.str, rdr.len);
3385 /* "eat" the request */
3386 buffer_ignore(req, msg->sov - msg->som);
3387 msg->som = msg->sov;
3388 req->analysers = AN_REQ_HTTP_XFER_BODY;
Willy Tarreau9300fb22010-01-05 00:58:24 +01003389 s->rep->analysers = AN_RES_HTTP_XFER_BODY;
3390 txn->req.msg_state = HTTP_MSG_CLOSED;
3391 txn->rsp.msg_state = HTTP_MSG_DONE;
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003392 break;
3393 } else {
3394 /* keep-alive not possible */
Willy Tarreau88d349d2010-01-25 12:15:43 +01003395 if (unlikely(txn->flags & TX_USE_PX_CONN)) {
3396 memcpy(rdr.str + rdr.len, "\r\nProxy-Connection: close\r\n\r\n", 29);
3397 rdr.len += 29;
3398 } else {
3399 memcpy(rdr.str + rdr.len, "\r\nConnection: close\r\n\r\n", 23);
3400 rdr.len += 23;
3401 }
Willy Tarreau148d0992010-01-10 10:21:21 +01003402 stream_int_retnclose(req->prod, &rdr);
Willy Tarreaua9679ac2010-01-03 17:32:57 +01003403 goto return_prx_cond;
3404 }
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003405 }
3406 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003407
Willy Tarreau2be39392010-01-03 17:24:51 +01003408 /* POST requests may be accompanied with an "Expect: 100-Continue" header.
3409 * If this happens, then the data will not come immediately, so we must
3410 * send all what we have without waiting. Note that due to the small gain
3411 * in waiting for the body of the request, it's easier to simply put the
3412 * BF_SEND_DONTWAIT flag any time. It's a one-shot flag so it will remove
3413 * itself once used.
3414 */
3415 req->flags |= BF_SEND_DONTWAIT;
3416
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003417 /* that's OK for us now, let's move on to next analysers */
3418 return 1;
Willy Tarreau11382812008-07-09 16:18:21 +02003419
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003420 return_bad_req:
3421 /* We centralize bad requests processing here */
3422 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
3423 /* we detected a parsing error. We want to archive this request
3424 * in the dedicated proxy area for later troubleshooting.
3425 */
Willy Tarreau078272e2010-12-12 12:46:33 +01003426 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003427 }
Willy Tarreau55ea7572007-06-17 19:56:27 +02003428
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003429 txn->req.msg_state = HTTP_MSG_ERROR;
3430 txn->status = 400;
3431 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003432
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02003433 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003434 if (s->listener->counters)
3435 s->listener->counters->failed_req++;
Willy Tarreau6e4261e2007-09-18 18:36:05 +02003436
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003437 return_prx_cond:
3438 if (!(s->flags & SN_ERR_MASK))
3439 s->flags |= SN_ERR_PRXCOND;
3440 if (!(s->flags & SN_FINST_MASK))
3441 s->flags |= SN_FINST_R;
Willy Tarreauf1221aa2006-12-17 22:14:12 +01003442
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003443 req->analysers = 0;
3444 req->analyse_exp = TICK_ETERNITY;
3445 return 0;
3446}
Willy Tarreau58f10d72006-12-04 02:26:12 +01003447
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003448/* This function performs all the processing enabled for the current request.
3449 * It returns 1 if the processing can continue on next analysers, or zero if it
3450 * needs more data, encounters an error, or wants to immediately abort the
3451 * request. It relies on buffers flags, and updates s->req->analysers.
3452 */
3453int http_process_request(struct session *s, struct buffer *req, int an_bit)
3454{
3455 struct http_txn *txn = &s->txn;
3456 struct http_msg *msg = &txn->req;
Willy Tarreau58f10d72006-12-04 02:26:12 +01003457
Willy Tarreau655dce92009-11-08 13:10:58 +01003458 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau51aecc72009-07-12 09:47:04 +02003459 /* we need more data */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003460 buffer_dont_connect(req);
Willy Tarreau51aecc72009-07-12 09:47:04 +02003461 return 0;
3462 }
3463
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02003464 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
3465 now_ms, __FUNCTION__,
3466 s,
3467 req,
3468 req->rex, req->wex,
3469 req->flags,
3470 req->l,
3471 req->analysers);
Willy Tarreau06619262006-12-17 08:37:22 +01003472
Willy Tarreau59234e92008-11-30 23:51:27 +01003473 /*
3474 * Right now, we know that we have processed the entire headers
3475 * and that unwanted requests have been filtered out. We can do
3476 * whatever we want with the remaining request. Also, now we
3477 * may have separate values for ->fe, ->be.
3478 */
Willy Tarreau06619262006-12-17 08:37:22 +01003479
Willy Tarreau59234e92008-11-30 23:51:27 +01003480 /*
3481 * If HTTP PROXY is set we simply get remote server address
3482 * parsing incoming request.
3483 */
3484 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SN_ADDR_SET)) {
Willy Tarreau957c0a52011-03-03 17:42:23 +01003485 url2sa(msg->sol + msg->sl.rq.u, msg->sl.rq.u_l, &s->req->cons->addr.s.to);
Willy Tarreau59234e92008-11-30 23:51:27 +01003486 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01003487
Willy Tarreau59234e92008-11-30 23:51:27 +01003488 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003489 * 7: Now we can work with the cookies.
Willy Tarreau59234e92008-11-30 23:51:27 +01003490 * Note that doing so might move headers in the request, but
3491 * the fields will stay coherent and the URI will not move.
3492 * This should only be performed in the backend.
3493 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02003494 if ((s->be->cookie_name || s->be->appsession_name || s->fe->capture_name)
Willy Tarreau59234e92008-11-30 23:51:27 +01003495 && !(txn->flags & (TX_CLDENY|TX_CLTARPIT)))
3496 manage_client_side_cookies(s, req);
Willy Tarreau7ac51f62007-03-25 16:00:04 +02003497
Willy Tarreau59234e92008-11-30 23:51:27 +01003498 /*
Cyril Bontéb21570a2009-11-29 20:04:48 +01003499 * 8: the appsession cookie was looked up very early in 1.2,
3500 * so let's do the same now.
3501 */
3502
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003503 /* It needs to look into the URI unless persistence must be ignored */
3504 if ((txn->sessid == NULL) && s->be->appsession_name && !(s->flags & SN_IGNORE_PRST)) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01003505 get_srv_from_appsession(s, msg->sol + msg->sl.rq.u, msg->sl.rq.u_l);
Cyril Bontéb21570a2009-11-29 20:04:48 +01003506 }
3507
3508 /*
Willy Tarreau59234e92008-11-30 23:51:27 +01003509 * 9: add X-Forwarded-For if either the frontend or the backend
3510 * asks for it.
3511 */
3512 if ((s->fe->options | s->be->options) & PR_O_FWDFOR) {
Willy Tarreau957c0a52011-03-03 17:42:23 +01003513 if (s->req->prod->addr.c.from.ss_family == AF_INET) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003514 /* Add an X-Forwarded-For header unless the source IP is
3515 * in the 'except' network range.
3516 */
3517 if ((!s->fe->except_mask.s_addr ||
Willy Tarreau957c0a52011-03-03 17:42:23 +01003518 (((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_addr.s_addr & s->fe->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003519 != s->fe->except_net.s_addr) &&
3520 (!s->be->except_mask.s_addr ||
Willy Tarreau957c0a52011-03-03 17:42:23 +01003521 (((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_addr.s_addr & s->be->except_mask.s_addr)
Willy Tarreau59234e92008-11-30 23:51:27 +01003522 != s->be->except_net.s_addr)) {
Willy Tarreau2a324282006-12-05 00:05:46 +01003523 int len;
Willy Tarreau59234e92008-11-30 23:51:27 +01003524 unsigned char *pn;
Willy Tarreau957c0a52011-03-03 17:42:23 +01003525 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->addr.c.from)->sin_addr;
Ross Westaf72a1d2008-08-03 10:51:45 +02003526
3527 /* Note: we rely on the backend to get the header name to be used for
3528 * x-forwarded-for, because the header is really meant for the backends.
3529 * However, if the backend did not specify any option, we have to rely
3530 * on the frontend's header name.
3531 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003532 if (s->be->fwdfor_hdr_len) {
3533 len = s->be->fwdfor_hdr_len;
3534 memcpy(trash, s->be->fwdfor_hdr_name, len);
Ross Westaf72a1d2008-08-03 10:51:45 +02003535 } else {
Willy Tarreau59234e92008-11-30 23:51:27 +01003536 len = s->fe->fwdfor_hdr_len;
3537 memcpy(trash, s->fe->fwdfor_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003538 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003539 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
Willy Tarreauedcf6682008-11-30 23:15:34 +01003540
Willy Tarreau4af6f3a2007-03-18 22:36:26 +01003541 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01003542 &txn->hdr_idx, trash, len) < 0))
Willy Tarreau06619262006-12-17 08:37:22 +01003543 goto return_bad_req;
Willy Tarreau2a324282006-12-05 00:05:46 +01003544 }
3545 }
Willy Tarreau957c0a52011-03-03 17:42:23 +01003546 else if (s->req->prod->addr.c.from.ss_family == AF_INET6) {
Willy Tarreau59234e92008-11-30 23:51:27 +01003547 /* FIXME: for the sake of completeness, we should also support
3548 * 'except' here, although it is mostly useless in this case.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003549 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003550 int len;
3551 char pn[INET6_ADDRSTRLEN];
3552 inet_ntop(AF_INET6,
Willy Tarreau957c0a52011-03-03 17:42:23 +01003553 (const void *)&((struct sockaddr_in6 *)(&s->req->prod->addr.c.from))->sin6_addr,
Willy Tarreau59234e92008-11-30 23:51:27 +01003554 pn, sizeof(pn));
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003555
Willy Tarreau59234e92008-11-30 23:51:27 +01003556 /* Note: we rely on the backend to get the header name to be used for
3557 * x-forwarded-for, because the header is really meant for the backends.
3558 * However, if the backend did not specify any option, we have to rely
3559 * on the frontend's header name.
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003560 */
Willy Tarreau59234e92008-11-30 23:51:27 +01003561 if (s->be->fwdfor_hdr_len) {
3562 len = s->be->fwdfor_hdr_len;
3563 memcpy(trash, s->be->fwdfor_hdr_name, len);
3564 } else {
3565 len = s->fe->fwdfor_hdr_len;
3566 memcpy(trash, s->fe->fwdfor_hdr_name, len);
matt.farnsworth@nokia.com1c2ab962008-04-14 20:47:37 +02003567 }
Willy Tarreau59234e92008-11-30 23:51:27 +01003568 len += sprintf(trash + len, ": %s", pn);
Willy Tarreauadfb8562008-08-11 15:24:42 +02003569
Willy Tarreau59234e92008-11-30 23:51:27 +01003570 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01003571 &txn->hdr_idx, trash, len) < 0))
Willy Tarreau59234e92008-11-30 23:51:27 +01003572 goto return_bad_req;
3573 }
3574 }
3575
3576 /*
Maik Broemme2850cb42009-04-17 18:53:21 +02003577 * 10: add X-Original-To if either the frontend or the backend
3578 * asks for it.
3579 */
3580 if ((s->fe->options | s->be->options) & PR_O_ORGTO) {
3581
3582 /* FIXME: don't know if IPv6 can handle that case too. */
Willy Tarreau957c0a52011-03-03 17:42:23 +01003583 if (s->req->prod->addr.c.from.ss_family == AF_INET) {
Maik Broemme2850cb42009-04-17 18:53:21 +02003584 /* Add an X-Original-To header unless the destination IP is
3585 * in the 'except' network range.
3586 */
3587 if (!(s->flags & SN_FRT_ADDR_SET))
3588 get_frt_addr(s);
3589
Willy Tarreau957c0a52011-03-03 17:42:23 +01003590 if (s->req->prod->addr.c.to.ss_family == AF_INET &&
Emeric Brun5bd86a82010-10-22 17:23:04 +02003591 ((!s->fe->except_mask_to.s_addr ||
Willy Tarreau957c0a52011-03-03 17:42:23 +01003592 (((struct sockaddr_in *)&s->req->prod->addr.c.to)->sin_addr.s_addr & s->fe->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02003593 != s->fe->except_to.s_addr) &&
3594 (!s->be->except_mask_to.s_addr ||
Willy Tarreau957c0a52011-03-03 17:42:23 +01003595 (((struct sockaddr_in *)&s->req->prod->addr.c.to)->sin_addr.s_addr & s->be->except_mask_to.s_addr)
Emeric Brun5bd86a82010-10-22 17:23:04 +02003596 != s->be->except_to.s_addr))) {
Maik Broemme2850cb42009-04-17 18:53:21 +02003597 int len;
3598 unsigned char *pn;
Willy Tarreau957c0a52011-03-03 17:42:23 +01003599 pn = (unsigned char *)&((struct sockaddr_in *)&s->req->prod->addr.c.to)->sin_addr;
Maik Broemme2850cb42009-04-17 18:53:21 +02003600
3601 /* Note: we rely on the backend to get the header name to be used for
3602 * x-original-to, because the header is really meant for the backends.
3603 * However, if the backend did not specify any option, we have to rely
3604 * on the frontend's header name.
3605 */
3606 if (s->be->orgto_hdr_len) {
3607 len = s->be->orgto_hdr_len;
3608 memcpy(trash, s->be->orgto_hdr_name, len);
3609 } else {
3610 len = s->fe->orgto_hdr_len;
3611 memcpy(trash, s->fe->orgto_hdr_name, len);
Willy Tarreaub86db342009-11-30 11:50:16 +01003612 }
Maik Broemme2850cb42009-04-17 18:53:21 +02003613 len += sprintf(trash + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
3614
3615 if (unlikely(http_header_add_tail2(req, &txn->req,
Willy Tarreau58cc8722009-12-28 06:57:33 +01003616 &txn->hdr_idx, trash, len) < 0))
Maik Broemme2850cb42009-04-17 18:53:21 +02003617 goto return_bad_req;
3618 }
3619 }
3620 }
3621
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003622 /* 11: add "Connection: close" or "Connection: keep-alive" if needed and not yet set. */
3623 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
Cyril Bonté9ea2b9a2010-12-29 09:36:56 +01003624 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) {
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003625 unsigned int want_flags = 0;
3626
3627 if (txn->flags & TX_REQ_VER_11) {
Willy Tarreau22a95342010-09-29 14:31:41 +02003628 if (((txn->flags & TX_CON_WANT_MSK) >= TX_CON_WANT_SCL ||
3629 ((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) &&
3630 !((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003631 want_flags |= TX_CON_CLO_SET;
3632 } else {
Willy Tarreau22a95342010-09-29 14:31:41 +02003633 if (((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL &&
3634 !((s->fe->options|s->be->options) & PR_O_HTTP_CLOSE)) ||
3635 ((s->fe->options2|s->be->options2) & PR_O2_FAKE_KA))
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003636 want_flags |= TX_CON_KAL_SET;
3637 }
3638
3639 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
3640 http_change_connection_header(txn, msg, req, want_flags);
Willy Tarreau59234e92008-11-30 23:51:27 +01003641 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003642
Willy Tarreaubbf0b372010-01-18 16:54:40 +01003643
Willy Tarreau522d6c02009-12-06 18:49:18 +01003644 /* If we have no server assigned yet and we're balancing on url_param
3645 * with a POST request, we may be interested in checking the body for
3646 * that parameter. This will be done in another analyser.
Willy Tarreau59234e92008-11-30 23:51:27 +01003647 */
3648 if (!(s->flags & (SN_ASSIGNED|SN_DIRECT)) &&
3649 s->txn.meth == HTTP_METH_POST && s->be->url_param_name != NULL &&
Willy Tarreau522d6c02009-12-06 18:49:18 +01003650 s->be->url_param_post_limit != 0 &&
Willy Tarreau61a21a32011-03-01 20:35:49 +01003651 (txn->flags & (TX_REQ_CNT_LEN|TX_REQ_TE_CHNK))) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003652 buffer_dont_connect(req);
3653 req->analysers |= AN_REQ_HTTP_BODY;
Willy Tarreau59234e92008-11-30 23:51:27 +01003654 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02003655
Willy Tarreaud98cf932009-12-27 22:54:55 +01003656 if (txn->flags & TX_REQ_XFER_LEN)
3657 req->analysers |= AN_REQ_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01003658
Willy Tarreau59234e92008-11-30 23:51:27 +01003659 /*************************************************************
3660 * OK, that's finished for the headers. We have done what we *
3661 * could. Let's switch to the DATA state. *
3662 ************************************************************/
Willy Tarreau522d6c02009-12-06 18:49:18 +01003663 req->analyse_exp = TICK_ETERNITY;
3664 req->analysers &= ~an_bit;
Willy Tarreaubaaee002006-06-26 02:48:02 +02003665
Willy Tarreau59234e92008-11-30 23:51:27 +01003666 s->logs.tv_request = now;
Willy Tarreau59234e92008-11-30 23:51:27 +01003667 /* OK let's go on with the BODY now */
3668 return 1;
Willy Tarreau06619262006-12-17 08:37:22 +01003669
Willy Tarreau59234e92008-11-30 23:51:27 +01003670 return_bad_req: /* let's centralize all bad requests */
Willy Tarreau4076a152009-04-02 15:18:36 +02003671 if (unlikely(msg->msg_state == HTTP_MSG_ERROR) || msg->err_pos >= 0) {
Willy Tarreauf073a832009-03-01 23:21:47 +01003672 /* we detected a parsing error. We want to archive this request
3673 * in the dedicated proxy area for later troubleshooting.
3674 */
Willy Tarreau078272e2010-12-12 12:46:33 +01003675 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, msg->msg_state, s->fe);
Willy Tarreauf073a832009-03-01 23:21:47 +01003676 }
Willy Tarreau4076a152009-04-02 15:18:36 +02003677
Willy Tarreau59234e92008-11-30 23:51:27 +01003678 txn->req.msg_state = HTTP_MSG_ERROR;
3679 txn->status = 400;
3680 req->analysers = 0;
3681 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003682
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02003683 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003684 if (s->listener->counters)
3685 s->listener->counters->failed_req++;
Willy Tarreauadfb8562008-08-11 15:24:42 +02003686
Willy Tarreau59234e92008-11-30 23:51:27 +01003687 if (!(s->flags & SN_ERR_MASK))
3688 s->flags |= SN_ERR_PRXCOND;
3689 if (!(s->flags & SN_FINST_MASK))
3690 s->flags |= SN_FINST_R;
Willy Tarreaudafde432008-08-17 01:00:46 +02003691 return 0;
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02003692}
Willy Tarreauadfb8562008-08-11 15:24:42 +02003693
Willy Tarreau60b85b02008-11-30 23:28:40 +01003694/* This function is an analyser which processes the HTTP tarpit. It always
3695 * returns zero, at the beginning because it prevents any other processing
3696 * from occurring, and at the end because it terminates the request.
3697 */
Willy Tarreau3a816292009-07-07 10:55:49 +02003698int http_process_tarpit(struct session *s, struct buffer *req, int an_bit)
Willy Tarreau60b85b02008-11-30 23:28:40 +01003699{
3700 struct http_txn *txn = &s->txn;
3701
3702 /* This connection is being tarpitted. The CLIENT side has
3703 * already set the connect expiration date to the right
3704 * timeout. We just have to check that the client is still
3705 * there and that the timeout has not expired.
3706 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003707 buffer_dont_connect(req);
Willy Tarreau60b85b02008-11-30 23:28:40 +01003708 if ((req->flags & (BF_SHUTR|BF_READ_ERROR)) == 0 &&
3709 !tick_is_expired(req->analyse_exp, now_ms))
3710 return 0;
3711
3712 /* We will set the queue timer to the time spent, just for
3713 * logging purposes. We fake a 500 server error, so that the
3714 * attacker will not suspect his connection has been tarpitted.
3715 * It will not cause trouble to the logs because we can exclude
3716 * the tarpitted connections by filtering on the 'PT' status flags.
3717 */
Willy Tarreau60b85b02008-11-30 23:28:40 +01003718 s->logs.t_queue = tv_ms_elapsed(&s->logs.tv_accept, &now);
3719
3720 txn->status = 500;
3721 if (req->flags != BF_READ_ERROR)
3722 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_500));
3723
3724 req->analysers = 0;
3725 req->analyse_exp = TICK_ETERNITY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003726
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02003727 s->fe->counters.failed_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02003728 if (s->listener->counters)
3729 s->listener->counters->failed_req++;
Willy Tarreau60b85b02008-11-30 23:28:40 +01003730
Willy Tarreau60b85b02008-11-30 23:28:40 +01003731 if (!(s->flags & SN_ERR_MASK))
3732 s->flags |= SN_ERR_PRXCOND;
3733 if (!(s->flags & SN_FINST_MASK))
3734 s->flags |= SN_FINST_T;
3735 return 0;
3736}
3737
Willy Tarreaud34af782008-11-30 23:36:37 +01003738/* This function is an analyser which processes the HTTP request body. It looks
3739 * for parameters to be used for the load balancing algorithm (url_param). It
3740 * must only be called after the standard HTTP request processing has occurred,
3741 * because it expects the request to be parsed. It returns zero if it needs to
3742 * read more data, or 1 once it has completed its analysis.
3743 */
Willy Tarreau3a816292009-07-07 10:55:49 +02003744int http_process_request_body(struct session *s, struct buffer *req, int an_bit)
Willy Tarreaud34af782008-11-30 23:36:37 +01003745{
Willy Tarreau522d6c02009-12-06 18:49:18 +01003746 struct http_txn *txn = &s->txn;
Willy Tarreaud34af782008-11-30 23:36:37 +01003747 struct http_msg *msg = &s->txn.req;
Willy Tarreaud34af782008-11-30 23:36:37 +01003748 long long limit = s->be->url_param_post_limit;
Willy Tarreaud34af782008-11-30 23:36:37 +01003749
3750 /* We have to parse the HTTP request body to find any required data.
3751 * "balance url_param check_post" should have been the only way to get
3752 * into this. We were brought here after HTTP header analysis, so all
3753 * related structures are ready.
3754 */
3755
Willy Tarreau522d6c02009-12-06 18:49:18 +01003756 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
3757 goto missing_data;
3758
3759 if (msg->msg_state < HTTP_MSG_100_SENT) {
3760 /* If we have HTTP/1.1 and Expect: 100-continue, then we must
3761 * send an HTTP/1.1 100 Continue intermediate response.
3762 */
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01003763 if (txn->flags & TX_REQ_VER_11) {
Willy Tarreau522d6c02009-12-06 18:49:18 +01003764 struct hdr_ctx ctx;
3765 ctx.idx = 0;
3766 /* Expect is allowed in 1.1, look for it */
3767 if (http_find_header2("Expect", 6, msg->sol, &txn->hdr_idx, &ctx) &&
3768 unlikely(ctx.vlen == 12 && strncasecmp(ctx.line+ctx.val, "100-continue", 12) == 0)) {
3769 buffer_write(s->rep, http_100_chunk.str, http_100_chunk.len);
3770 }
3771 }
3772 msg->msg_state = HTTP_MSG_100_SENT;
3773 }
3774
3775 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
Willy Tarreaud98cf932009-12-27 22:54:55 +01003776 /* we have msg->col and msg->sov which both point to the first
3777 * byte of message body. msg->som still points to the beginning
3778 * of the message. We must save the body in req->lr because it
3779 * survives buffer re-alignments.
3780 */
3781 req->lr = req->data + msg->sov;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003782 if (txn->flags & TX_REQ_TE_CHNK)
3783 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
3784 else
3785 msg->msg_state = HTTP_MSG_DATA;
3786 }
3787
3788 if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01003789 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaud98cf932009-12-27 22:54:55 +01003790 * set ->sov and ->lr to point to the body and switch to DATA or
3791 * TRAILERS state.
Willy Tarreau115acb92009-12-26 13:56:06 +01003792 */
3793 int ret = http_parse_chunk_size(req, msg);
Willy Tarreaud34af782008-11-30 23:36:37 +01003794
Willy Tarreau115acb92009-12-26 13:56:06 +01003795 if (!ret)
3796 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003797 else if (ret < 0) {
3798 session_inc_http_err_ctr(s);
Willy Tarreau522d6c02009-12-06 18:49:18 +01003799 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003800 }
Willy Tarreaud34af782008-11-30 23:36:37 +01003801 }
3802
Willy Tarreaud98cf932009-12-27 22:54:55 +01003803 /* Now we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state.
Willy Tarreau522d6c02009-12-06 18:49:18 +01003804 * We have the first non-header byte in msg->col, which is either the
3805 * beginning of the chunk size or of the data. The first data byte is in
3806 * msg->sov, which is equal to msg->col when not using transfer-encoding.
3807 * We're waiting for at least <url_param_post_limit> bytes after msg->sov.
Willy Tarreaud34af782008-11-30 23:36:37 +01003808 */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003809
Willy Tarreau124d9912011-03-01 20:30:48 +01003810 if (msg->body_len < limit)
3811 limit = msg->body_len;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003812
Willy Tarreau7c96f672009-12-27 22:47:25 +01003813 if (req->l - (msg->sov - msg->som) >= limit) /* we have enough bytes now */
Willy Tarreau522d6c02009-12-06 18:49:18 +01003814 goto http_end;
3815
3816 missing_data:
3817 /* we get here if we need to wait for more data */
Willy Tarreauda7ff642010-06-23 11:44:09 +02003818 if (req->flags & BF_FULL) {
3819 session_inc_http_err_ctr(s);
Willy Tarreau115acb92009-12-26 13:56:06 +01003820 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02003821 }
Willy Tarreau115acb92009-12-26 13:56:06 +01003822
Willy Tarreau522d6c02009-12-06 18:49:18 +01003823 if ((req->flags & BF_READ_TIMEOUT) || tick_is_expired(req->analyse_exp, now_ms)) {
3824 txn->status = 408;
3825 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_408));
Willy Tarreau79ebac62010-06-07 13:47:49 +02003826
3827 if (!(s->flags & SN_ERR_MASK))
3828 s->flags |= SN_ERR_CLITO;
3829 if (!(s->flags & SN_FINST_MASK))
3830 s->flags |= SN_FINST_D;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003831 goto return_err_msg;
Willy Tarreaud34af782008-11-30 23:36:37 +01003832 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003833
3834 /* we get here if we need to wait for more data */
3835 if (!(req->flags & (BF_FULL | BF_READ_ERROR | BF_SHUTR))) {
Willy Tarreaud34af782008-11-30 23:36:37 +01003836 /* Not enough data. We'll re-use the http-request
3837 * timeout here. Ideally, we should set the timeout
3838 * relative to the accept() date. We just set the
3839 * request timeout once at the beginning of the
3840 * request.
3841 */
Willy Tarreau520d95e2009-09-19 21:04:57 +02003842 buffer_dont_connect(req);
Willy Tarreaud34af782008-11-30 23:36:37 +01003843 if (!tick_isset(req->analyse_exp))
Willy Tarreaucd7afc02009-07-12 10:03:17 +02003844 req->analyse_exp = tick_add_ifset(now_ms, s->be->timeout.httpreq);
Willy Tarreaud34af782008-11-30 23:36:37 +01003845 return 0;
3846 }
Willy Tarreau522d6c02009-12-06 18:49:18 +01003847
3848 http_end:
3849 /* The situation will not evolve, so let's give up on the analysis. */
3850 s->logs.tv_request = now; /* update the request timer to reflect full request */
3851 req->analysers &= ~an_bit;
3852 req->analyse_exp = TICK_ETERNITY;
3853 return 1;
3854
3855 return_bad_req: /* let's centralize all bad requests */
3856 txn->req.msg_state = HTTP_MSG_ERROR;
3857 txn->status = 400;
3858 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
3859
Willy Tarreau79ebac62010-06-07 13:47:49 +02003860 if (!(s->flags & SN_ERR_MASK))
3861 s->flags |= SN_ERR_PRXCOND;
3862 if (!(s->flags & SN_FINST_MASK))
3863 s->flags |= SN_FINST_R;
3864
Willy Tarreau522d6c02009-12-06 18:49:18 +01003865 return_err_msg:
3866 req->analysers = 0;
3867 s->fe->counters.failed_req++;
3868 if (s->listener->counters)
3869 s->listener->counters->failed_req++;
Willy Tarreau522d6c02009-12-06 18:49:18 +01003870 return 0;
Willy Tarreaud34af782008-11-30 23:36:37 +01003871}
3872
Willy Tarreau610ecce2010-01-04 21:15:02 +01003873/* Terminate current transaction and prepare a new one. This is very tricky
3874 * right now but it works.
3875 */
3876void http_end_txn_clean_session(struct session *s)
3877{
3878 /* FIXME: We need a more portable way of releasing a backend's and a
3879 * server's connections. We need a safer way to reinitialize buffer
3880 * flags. We also need a more accurate method for computing per-request
3881 * data.
3882 */
3883 http_silent_debug(__LINE__, s);
3884
3885 s->req->cons->flags |= SI_FL_NOLINGER;
3886 s->req->cons->shutr(s->req->cons);
3887 s->req->cons->shutw(s->req->cons);
3888
3889 http_silent_debug(__LINE__, s);
3890
3891 if (s->flags & SN_BE_ASSIGNED)
3892 s->be->beconn--;
3893
3894 s->logs.t_close = tv_ms_elapsed(&s->logs.tv_accept, &now);
3895 session_process_counters(s);
Willy Tarreauf059a0f2010-08-03 16:29:52 +02003896 session_stop_backend_counters(s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01003897
3898 if (s->txn.status) {
3899 int n;
3900
3901 n = s->txn.status / 100;
3902 if (n < 1 || n > 5)
3903 n = 0;
3904
3905 if (s->fe->mode == PR_MODE_HTTP)
Willy Tarreau24657792010-02-26 10:30:28 +01003906 s->fe->counters.fe.http.rsp[n]++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01003907
Willy Tarreau24657792010-02-26 10:30:28 +01003908 if ((s->flags & SN_BE_ASSIGNED) &&
Willy Tarreau610ecce2010-01-04 21:15:02 +01003909 (s->be->mode == PR_MODE_HTTP))
Willy Tarreau24657792010-02-26 10:30:28 +01003910 s->be->counters.be.http.rsp[n]++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01003911 }
3912
3913 /* don't count other requests' data */
3914 s->logs.bytes_in -= s->req->l - s->req->send_max;
3915 s->logs.bytes_out -= s->rep->l - s->rep->send_max;
3916
3917 /* let's do a final log if we need it */
3918 if (s->logs.logwait &&
3919 !(s->flags & SN_MONITOR) &&
3920 (!(s->fe->options & PR_O_NULLNOLOG) || s->req->total)) {
3921 s->do_log(s);
3922 }
3923
3924 s->logs.accept_date = date; /* user-visible date for logging */
3925 s->logs.tv_accept = now; /* corrected date for internal use */
3926 tv_zero(&s->logs.tv_request);
3927 s->logs.t_queue = -1;
3928 s->logs.t_connect = -1;
3929 s->logs.t_data = -1;
3930 s->logs.t_close = 0;
3931 s->logs.prx_queue_size = 0; /* we get the number of pending conns before us */
3932 s->logs.srv_queue_size = 0; /* we will get this number soon */
3933
3934 s->logs.bytes_in = s->req->total = s->req->l - s->req->send_max;
3935 s->logs.bytes_out = s->rep->total = s->rep->l - s->rep->send_max;
3936
3937 if (s->pend_pos)
3938 pendconn_free(s->pend_pos);
3939
3940 if (s->srv) {
3941 if (s->flags & SN_CURR_SESS) {
3942 s->flags &= ~SN_CURR_SESS;
3943 s->srv->cur_sess--;
3944 }
3945 if (may_dequeue_tasks(s->srv, s->be))
3946 process_srv_queue(s->srv);
3947 }
3948
3949 if (unlikely(s->srv_conn))
3950 sess_change_server(s, NULL);
3951 s->srv = NULL;
Willy Tarreau9e000c62011-03-10 14:03:36 +01003952 clear_target(&s->target);
Willy Tarreau610ecce2010-01-04 21:15:02 +01003953
3954 s->req->cons->state = s->req->cons->prev_state = SI_ST_INI;
3955 s->req->cons->fd = -1; /* just to help with debugging */
3956 s->req->cons->err_type = SI_ET_NONE;
3957 s->req->cons->err_loc = NULL;
3958 s->req->cons->exp = TICK_ETERNITY;
3959 s->req->cons->flags = SI_FL_NONE;
Willy Tarreau90deb182010-01-07 00:20:41 +01003960 s->req->flags &= ~(BF_SHUTW|BF_SHUTW_NOW|BF_AUTO_CONNECT|BF_WRITE_ERROR|BF_STREAMER|BF_STREAMER_FAST);
3961 s->rep->flags &= ~(BF_SHUTR|BF_SHUTR_NOW|BF_READ_ATTACHED|BF_READ_ERROR|BF_READ_NOEXP|BF_STREAMER|BF_STREAMER_FAST|BF_WRITE_PARTIAL);
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02003962 s->flags &= ~(SN_DIRECT|SN_ASSIGNED|SN_ADDR_SET|SN_BE_ASSIGNED|SN_FORCE_PRST|SN_IGNORE_PRST);
Willy Tarreau610ecce2010-01-04 21:15:02 +01003963 s->flags &= ~(SN_CURR_SESS|SN_REDIRECTABLE);
3964 s->txn.meth = 0;
3965 http_reset_txn(s);
Willy Tarreaufcffa692010-01-10 14:21:19 +01003966 s->txn.flags |= TX_NOT_FIRST | TX_WAIT_NEXT_RQ;
Willy Tarreauee55dc02010-06-01 10:56:34 +02003967 if (s->fe->options2 & PR_O2_INDEPSTR)
Willy Tarreau610ecce2010-01-04 21:15:02 +01003968 s->req->cons->flags |= SI_FL_INDEP_STR;
3969
3970 /* if the request buffer is not empty, it means we're
3971 * about to process another request, so send pending
3972 * data with MSG_MORE to merge TCP packets when possible.
Willy Tarreau065e8332010-01-08 00:30:20 +01003973 * Just don't do this if the buffer is close to be full,
3974 * because the request will wait for it to flush a little
3975 * bit before proceeding.
Willy Tarreau610ecce2010-01-04 21:15:02 +01003976 */
Willy Tarreau065e8332010-01-08 00:30:20 +01003977 if (s->req->l > s->req->send_max) {
3978 if (s->rep->send_max &&
3979 !(s->rep->flags & BF_FULL) &&
Willy Tarreau065e8332010-01-08 00:30:20 +01003980 s->rep->r <= s->rep->data + s->rep->size - global.tune.maxrewrite)
3981 s->rep->flags |= BF_EXPECT_MORE;
3982 }
Willy Tarreau90deb182010-01-07 00:20:41 +01003983
3984 /* we're removing the analysers, we MUST re-enable events detection */
3985 buffer_auto_read(s->req);
3986 buffer_auto_close(s->req);
3987 buffer_auto_read(s->rep);
3988 buffer_auto_close(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01003989
3990 /* make ->lr point to the first non-forwarded byte */
3991 s->req->lr = s->req->w + s->req->send_max;
3992 if (s->req->lr >= s->req->data + s->req->size)
3993 s->req->lr -= s->req->size;
3994 s->rep->lr = s->rep->w + s->rep->send_max;
3995 if (s->rep->lr >= s->rep->data + s->rep->size)
3996 s->rep->lr -= s->req->size;
3997
Willy Tarreau342b11c2010-11-24 16:22:09 +01003998 s->req->analysers = s->listener->analysers;
3999 s->req->analysers &= ~AN_REQ_DECODE_PROXY;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004000 s->rep->analysers = 0;
4001
4002 http_silent_debug(__LINE__, s);
4003}
4004
4005
4006/* This function updates the request state machine according to the response
4007 * state machine and buffer flags. It returns 1 if it changes anything (flag
4008 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4009 * it is only used to find when a request/response couple is complete. Both
4010 * this function and its equivalent should loop until both return zero. It
4011 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4012 */
4013int http_sync_req_state(struct session *s)
4014{
4015 struct buffer *buf = s->req;
4016 struct http_txn *txn = &s->txn;
4017 unsigned int old_flags = buf->flags;
4018 unsigned int old_state = txn->req.msg_state;
4019
4020 http_silent_debug(__LINE__, s);
4021 if (unlikely(txn->req.msg_state < HTTP_MSG_BODY))
4022 return 0;
4023
4024 if (txn->req.msg_state == HTTP_MSG_DONE) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004025 /* No need to read anymore, the request was completely parsed.
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004026 * We can shut the read side unless we want to abort_on_close,
4027 * or we have a POST request. The issue with POST requests is
4028 * that some browsers still send a CRLF after the request, and
4029 * this CRLF must be read so that it does not remain in the kernel
4030 * buffers, otherwise a close could cause an RST on some systems
4031 * (eg: Linux).
Willy Tarreau90deb182010-01-07 00:20:41 +01004032 */
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004033 if (!(s->be->options & PR_O_ABRT_CLOSE) && txn->meth != HTTP_METH_POST)
Willy Tarreau90deb182010-01-07 00:20:41 +01004034 buffer_dont_read(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004035
4036 if (txn->rsp.msg_state == HTTP_MSG_ERROR)
4037 goto wait_other_side;
4038
4039 if (txn->rsp.msg_state < HTTP_MSG_DONE) {
4040 /* The server has not finished to respond, so we
4041 * don't want to move in order not to upset it.
4042 */
4043 goto wait_other_side;
4044 }
4045
4046 if (txn->rsp.msg_state == HTTP_MSG_TUNNEL) {
4047 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreau90deb182010-01-07 00:20:41 +01004048 buffer_auto_read(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004049 txn->req.msg_state = HTTP_MSG_TUNNEL;
4050 goto wait_other_side;
4051 }
4052
4053 /* When we get here, it means that both the request and the
4054 * response have finished receiving. Depending on the connection
4055 * mode, we'll have to wait for the last bytes to leave in either
4056 * direction, and sometimes for a close to be effective.
4057 */
4058
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004059 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4060 /* Server-close mode : queue a connection close to the server */
4061 if (!(buf->flags & (BF_SHUTW|BF_SHUTW_NOW)))
Willy Tarreau610ecce2010-01-04 21:15:02 +01004062 buffer_shutw_now(buf);
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004063 }
4064 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4065 /* Option forceclose is set, or either side wants to close,
4066 * let's enforce it now that we're not expecting any new
4067 * data to come. The caller knows the session is complete
4068 * once both states are CLOSED.
4069 */
4070 if (!(buf->flags & (BF_SHUTW|BF_SHUTW_NOW))) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004071 buffer_shutr_now(buf);
4072 buffer_shutw_now(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004073 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004074 }
4075 else {
4076 /* The last possible modes are keep-alive and tunnel. Since tunnel
4077 * mode does not set the body analyser, we can't reach this place
4078 * in tunnel mode, so we're left with keep-alive only.
4079 * This mode is currently not implemented, we switch to tunnel mode.
4080 */
4081 buffer_auto_read(buf);
4082 txn->req.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004083 }
4084
4085 if (buf->flags & (BF_SHUTW|BF_SHUTW_NOW)) {
4086 /* if we've just closed an output, let's switch */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004087 buf->cons->flags |= SI_FL_NOLINGER; /* we want to close ASAP */
4088
Willy Tarreau610ecce2010-01-04 21:15:02 +01004089 if (!(buf->flags & BF_OUT_EMPTY)) {
4090 txn->req.msg_state = HTTP_MSG_CLOSING;
4091 goto http_msg_closing;
4092 }
4093 else {
4094 txn->req.msg_state = HTTP_MSG_CLOSED;
4095 goto http_msg_closed;
4096 }
4097 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004098 goto wait_other_side;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004099 }
4100
4101 if (txn->req.msg_state == HTTP_MSG_CLOSING) {
4102 http_msg_closing:
4103 /* nothing else to forward, just waiting for the output buffer
4104 * to be empty and for the shutw_now to take effect.
4105 */
4106 if (buf->flags & BF_OUT_EMPTY) {
4107 txn->req.msg_state = HTTP_MSG_CLOSED;
4108 goto http_msg_closed;
4109 }
4110 else if (buf->flags & BF_SHUTW) {
4111 txn->req.msg_state = HTTP_MSG_ERROR;
4112 goto wait_other_side;
4113 }
4114 }
4115
4116 if (txn->req.msg_state == HTTP_MSG_CLOSED) {
4117 http_msg_closed:
4118 goto wait_other_side;
4119 }
4120
4121 wait_other_side:
4122 http_silent_debug(__LINE__, s);
4123 return txn->req.msg_state != old_state || buf->flags != old_flags;
4124}
4125
4126
4127/* This function updates the response state machine according to the request
4128 * state machine and buffer flags. It returns 1 if it changes anything (flag
4129 * or state), otherwise zero. It ignores any state before HTTP_MSG_DONE, as
4130 * it is only used to find when a request/response couple is complete. Both
4131 * this function and its equivalent should loop until both return zero. It
4132 * can set its own state to DONE, CLOSING, CLOSED, TUNNEL, ERROR.
4133 */
4134int http_sync_res_state(struct session *s)
4135{
4136 struct buffer *buf = s->rep;
4137 struct http_txn *txn = &s->txn;
4138 unsigned int old_flags = buf->flags;
4139 unsigned int old_state = txn->rsp.msg_state;
4140
4141 http_silent_debug(__LINE__, s);
4142 if (unlikely(txn->rsp.msg_state < HTTP_MSG_BODY))
4143 return 0;
4144
4145 if (txn->rsp.msg_state == HTTP_MSG_DONE) {
4146 /* In theory, we don't need to read anymore, but we must
Willy Tarreau90deb182010-01-07 00:20:41 +01004147 * still monitor the server connection for a possible close
4148 * while the request is being uploaded, so we don't disable
4149 * reading.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004150 */
Willy Tarreau90deb182010-01-07 00:20:41 +01004151 /* buffer_dont_read(buf); */
Willy Tarreau610ecce2010-01-04 21:15:02 +01004152
4153 if (txn->req.msg_state == HTTP_MSG_ERROR)
4154 goto wait_other_side;
4155
4156 if (txn->req.msg_state < HTTP_MSG_DONE) {
4157 /* The client seems to still be sending data, probably
4158 * because we got an error response during an upload.
4159 * We have the choice of either breaking the connection
4160 * or letting it pass through. Let's do the later.
4161 */
4162 goto wait_other_side;
4163 }
4164
4165 if (txn->req.msg_state == HTTP_MSG_TUNNEL) {
4166 /* if any side switches to tunnel mode, the other one does too */
Willy Tarreau90deb182010-01-07 00:20:41 +01004167 buffer_auto_read(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004168 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
4169 goto wait_other_side;
4170 }
4171
4172 /* When we get here, it means that both the request and the
4173 * response have finished receiving. Depending on the connection
4174 * mode, we'll have to wait for the last bytes to leave in either
4175 * direction, and sometimes for a close to be effective.
4176 */
4177
4178 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
4179 /* Server-close mode : shut read and wait for the request
4180 * side to close its output buffer. The caller will detect
4181 * when we're in DONE and the other is in CLOSED and will
4182 * catch that for the final cleanup.
4183 */
4184 if (!(buf->flags & (BF_SHUTR|BF_SHUTR_NOW)))
4185 buffer_shutr_now(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004186 }
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004187 else if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
4188 /* Option forceclose is set, or either side wants to close,
4189 * let's enforce it now that we're not expecting any new
4190 * data to come. The caller knows the session is complete
4191 * once both states are CLOSED.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004192 */
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004193 if (!(buf->flags & (BF_SHUTW|BF_SHUTW_NOW))) {
4194 buffer_shutr_now(buf);
4195 buffer_shutw_now(buf);
4196 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004197 }
4198 else {
Willy Tarreaucce7fa42010-01-16 23:19:39 +01004199 /* The last possible modes are keep-alive and tunnel. Since tunnel
4200 * mode does not set the body analyser, we can't reach this place
4201 * in tunnel mode, so we're left with keep-alive only.
4202 * This mode is currently not implemented, we switch to tunnel mode.
Willy Tarreau610ecce2010-01-04 21:15:02 +01004203 */
Willy Tarreau90deb182010-01-07 00:20:41 +01004204 buffer_auto_read(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004205 txn->rsp.msg_state = HTTP_MSG_TUNNEL;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004206 }
4207
4208 if (buf->flags & (BF_SHUTW|BF_SHUTW_NOW)) {
4209 /* if we've just closed an output, let's switch */
4210 if (!(buf->flags & BF_OUT_EMPTY)) {
4211 txn->rsp.msg_state = HTTP_MSG_CLOSING;
4212 goto http_msg_closing;
4213 }
4214 else {
4215 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4216 goto http_msg_closed;
4217 }
4218 }
4219 goto wait_other_side;
4220 }
4221
4222 if (txn->rsp.msg_state == HTTP_MSG_CLOSING) {
4223 http_msg_closing:
4224 /* nothing else to forward, just waiting for the output buffer
4225 * to be empty and for the shutw_now to take effect.
4226 */
4227 if (buf->flags & BF_OUT_EMPTY) {
4228 txn->rsp.msg_state = HTTP_MSG_CLOSED;
4229 goto http_msg_closed;
4230 }
4231 else if (buf->flags & BF_SHUTW) {
4232 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreauae526782010-03-04 20:34:23 +01004233 s->be->counters.cli_aborts++;
4234 if (s->srv)
4235 s->srv->counters.cli_aborts++;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004236 goto wait_other_side;
4237 }
4238 }
4239
4240 if (txn->rsp.msg_state == HTTP_MSG_CLOSED) {
4241 http_msg_closed:
4242 /* drop any pending data */
4243 buffer_ignore(buf, buf->l - buf->send_max);
4244 buffer_auto_close(buf);
Willy Tarreau90deb182010-01-07 00:20:41 +01004245 buffer_auto_read(buf);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004246 goto wait_other_side;
4247 }
4248
4249 wait_other_side:
4250 http_silent_debug(__LINE__, s);
4251 return txn->rsp.msg_state != old_state || buf->flags != old_flags;
4252}
4253
4254
4255/* Resync the request and response state machines. Return 1 if either state
4256 * changes.
4257 */
4258int http_resync_states(struct session *s)
4259{
4260 struct http_txn *txn = &s->txn;
4261 int old_req_state = txn->req.msg_state;
4262 int old_res_state = txn->rsp.msg_state;
4263
4264 http_silent_debug(__LINE__, s);
4265 http_sync_req_state(s);
4266 while (1) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004267 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004268 if (!http_sync_res_state(s))
4269 break;
Willy Tarreau90deb182010-01-07 00:20:41 +01004270 http_silent_debug(__LINE__, s);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004271 if (!http_sync_req_state(s))
4272 break;
4273 }
4274 http_silent_debug(__LINE__, s);
4275 /* OK, both state machines agree on a compatible state.
4276 * There are a few cases we're interested in :
4277 * - HTTP_MSG_TUNNEL on either means we have to disable both analysers
4278 * - HTTP_MSG_CLOSED on both sides means we've reached the end in both
4279 * directions, so let's simply disable both analysers.
4280 * - HTTP_MSG_CLOSED on the response only means we must abort the
4281 * request.
4282 * - HTTP_MSG_CLOSED on the request and HTTP_MSG_DONE on the response
4283 * with server-close mode means we've completed one request and we
4284 * must re-initialize the server connection.
4285 */
4286
4287 if (txn->req.msg_state == HTTP_MSG_TUNNEL ||
4288 txn->rsp.msg_state == HTTP_MSG_TUNNEL ||
4289 (txn->req.msg_state == HTTP_MSG_CLOSED &&
4290 txn->rsp.msg_state == HTTP_MSG_CLOSED)) {
4291 s->req->analysers = 0;
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004292 buffer_auto_close(s->req);
Willy Tarreau90deb182010-01-07 00:20:41 +01004293 buffer_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004294 s->rep->analysers = 0;
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004295 buffer_auto_close(s->rep);
Willy Tarreau90deb182010-01-07 00:20:41 +01004296 buffer_auto_read(s->rep);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004297 }
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004298 else if (txn->rsp.msg_state == HTTP_MSG_CLOSED ||
4299 txn->rsp.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau4fe41902010-06-07 22:27:41 +02004300 txn->req.msg_state == HTTP_MSG_ERROR ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01004301 (s->rep->flags & BF_SHUTW)) {
Willy Tarreau90deb182010-01-07 00:20:41 +01004302 s->rep->analysers = 0;
4303 buffer_auto_close(s->rep);
4304 buffer_auto_read(s->rep);
4305 s->req->analysers = 0;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004306 buffer_abort(s->req);
4307 buffer_auto_close(s->req);
Willy Tarreau90deb182010-01-07 00:20:41 +01004308 buffer_auto_read(s->req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004309 buffer_ignore(s->req, s->req->l - s->req->send_max);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004310 }
4311 else if (txn->req.msg_state == HTTP_MSG_CLOSED &&
4312 txn->rsp.msg_state == HTTP_MSG_DONE &&
4313 ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)) {
4314 /* server-close: terminate this server connection and
4315 * reinitialize a fresh-new transaction.
4316 */
4317 http_end_txn_clean_session(s);
4318 }
4319
4320 http_silent_debug(__LINE__, s);
4321 return txn->req.msg_state != old_req_state ||
4322 txn->rsp.msg_state != old_res_state;
4323}
4324
Willy Tarreaud98cf932009-12-27 22:54:55 +01004325/* This function is an analyser which forwards request body (including chunk
4326 * sizes if any). It is called as soon as we must forward, even if we forward
4327 * zero byte. The only situation where it must not be called is when we're in
4328 * tunnel mode and we want to forward till the close. It's used both to forward
4329 * remaining data and to resync after end of body. It expects the msg_state to
4330 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
4331 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01004332 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreaud98cf932009-12-27 22:54:55 +01004333 * bytes of pending data + the headers if not already done (between som and sov).
4334 * It eventually adjusts som to match sov after the data in between have been sent.
4335 */
4336int http_request_forward_body(struct session *s, struct buffer *req, int an_bit)
4337{
4338 struct http_txn *txn = &s->txn;
4339 struct http_msg *msg = &s->txn.req;
4340
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004341 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
4342 return 0;
4343
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01004344 if ((req->flags & (BF_READ_ERROR|BF_READ_TIMEOUT|BF_WRITE_ERROR|BF_WRITE_TIMEOUT)) ||
4345 ((req->flags & BF_SHUTW) && (req->to_forward || req->send_max))) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02004346 /* Output closed while we were sending data. We must abort and
4347 * wake the other side up.
4348 */
4349 msg->msg_state = HTTP_MSG_ERROR;
4350 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01004351 return 1;
4352 }
4353
Willy Tarreau4fe41902010-06-07 22:27:41 +02004354 /* in most states, we should abort in case of early close */
4355 buffer_auto_close(req);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004356
4357 /* Note that we don't have to send 100-continue back because we don't
4358 * need the data to complete our job, and it's up to the server to
4359 * decide whether to return 100, 417 or anything else in return of
4360 * an "Expect: 100-continue" header.
4361 */
4362
4363 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
4364 /* we have msg->col and msg->sov which both point to the first
4365 * byte of message body. msg->som still points to the beginning
4366 * of the message. We must save the body in req->lr because it
4367 * survives buffer re-alignments.
4368 */
4369 req->lr = req->data + msg->sov;
4370 if (txn->flags & TX_REQ_TE_CHNK)
4371 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
4372 else {
4373 msg->msg_state = HTTP_MSG_DATA;
4374 }
4375 }
4376
Willy Tarreaud98cf932009-12-27 22:54:55 +01004377 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01004378 http_silent_debug(__LINE__, s);
Willy Tarreau638cd022010-01-03 07:42:04 +01004379 /* we may have some data pending */
Willy Tarreau124d9912011-03-01 20:30:48 +01004380 if (msg->chunk_len || msg->som != msg->sov) {
Willy Tarreau638cd022010-01-03 07:42:04 +01004381 int bytes = msg->sov - msg->som;
4382 if (bytes < 0) /* sov may have wrapped at the end */
4383 bytes += req->size;
Willy Tarreau124d9912011-03-01 20:30:48 +01004384 buffer_forward(req, bytes + msg->chunk_len);
4385 msg->chunk_len = 0; /* don't forward that again */
Willy Tarreau638cd022010-01-03 07:42:04 +01004386 msg->som = msg->sov;
4387 }
Willy Tarreau5523b322009-12-29 12:05:52 +01004388
Willy Tarreaucaabe412010-01-03 23:08:28 +01004389 if (msg->msg_state == HTTP_MSG_DATA) {
4390 /* must still forward */
4391 if (req->to_forward)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004392 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004393
4394 /* nothing left to forward */
4395 if (txn->flags & TX_REQ_TE_CHNK)
4396 msg->msg_state = HTTP_MSG_DATA_CRLF;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004397 else
Willy Tarreaucaabe412010-01-03 23:08:28 +01004398 msg->msg_state = HTTP_MSG_DONE;
Willy Tarreaucaabe412010-01-03 23:08:28 +01004399 }
4400 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01004401 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaud98cf932009-12-27 22:54:55 +01004402 * set ->sov and ->lr to point to the body and switch to DATA or
4403 * TRAILERS state.
4404 */
4405 int ret = http_parse_chunk_size(req, msg);
4406
4407 if (!ret)
4408 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004409 else if (ret < 0) {
4410 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004411 if (msg->err_pos >= 0)
4412 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, HTTP_MSG_CHUNK_SIZE, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004413 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004414 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004415 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreau57f5c122010-12-02 00:37:14 +01004416 /* Don't set a PUSH at the end of that chunk if it's not the last one */
4417 if (msg->msg_state == HTTP_MSG_DATA)
4418 req->flags |= BF_EXPECT_MORE;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004419 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004420 else if (msg->msg_state == HTTP_MSG_DATA_CRLF) {
4421 /* we want the CRLF after the data */
4422 int ret;
4423
Willy Tarreaud3347ee2010-01-04 02:02:25 +01004424 req->lr = req->w + req->send_max;
4425 if (req->lr >= req->data + req->size)
4426 req->lr -= req->size;
4427
Willy Tarreaud98cf932009-12-27 22:54:55 +01004428 ret = http_skip_chunk_crlf(req, msg);
4429
4430 if (ret == 0)
4431 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004432 else if (ret < 0) {
4433 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004434 if (msg->err_pos >= 0)
4435 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, HTTP_MSG_DATA_CRLF, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004436 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004437 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004438 /* we're in MSG_CHUNK_SIZE now */
4439 }
4440 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
4441 int ret = http_forward_trailers(req, msg);
4442
4443 if (ret == 0)
4444 goto missing_data;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004445 else if (ret < 0) {
4446 session_inc_http_err_ctr(s);
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004447 if (msg->err_pos >= 0)
4448 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, HTTP_MSG_TRAILERS, s->be);
Willy Tarreaud98cf932009-12-27 22:54:55 +01004449 goto return_bad_req;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004450 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004451 /* we're in HTTP_MSG_DONE now */
4452 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004453 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004454 int old_state = msg->msg_state;
4455
Willy Tarreau610ecce2010-01-04 21:15:02 +01004456 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02004457 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004458 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
4459 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
4460 buffer_dont_close(req);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004461 if (http_resync_states(s)) {
4462 /* some state changes occurred, maybe the analyser
4463 * was disabled too.
Willy Tarreauface8392010-01-03 11:37:54 +01004464 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004465 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
4466 if (req->flags & BF_SHUTW) {
4467 /* request errors are most likely due to
4468 * the server aborting the transfer.
4469 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004470 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004471 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01004472 if (msg->err_pos >= 0)
4473 http_capture_bad_message(&s->fe->invalid_req, s, req, msg, old_state, s->be);
Willy Tarreau610ecce2010-01-04 21:15:02 +01004474 goto return_bad_req;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01004475 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01004476 return 1;
Willy Tarreaub608feb2010-01-02 22:47:18 +01004477 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02004478
4479 /* If "option abortonclose" is set on the backend, we
4480 * want to monitor the client's connection and forward
4481 * any shutdown notification to the server, which will
4482 * decide whether to close or to go on processing the
4483 * request.
4484 */
4485 if (s->be->options & PR_O_ABRT_CLOSE) {
4486 buffer_auto_read(req);
4487 buffer_auto_close(req);
4488 }
Willy Tarreau58bd8fd2010-09-28 14:16:41 +02004489 else if (s->txn.meth == HTTP_METH_POST) {
4490 /* POST requests may require to read extra CRLF
4491 * sent by broken browsers and which could cause
4492 * an RST to be sent upon close on some systems
4493 * (eg: Linux).
4494 */
4495 buffer_auto_read(req);
4496 }
Willy Tarreau5c54c712010-07-17 08:02:58 +02004497
Willy Tarreau610ecce2010-01-04 21:15:02 +01004498 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01004499 }
4500 }
4501
Willy Tarreaud98cf932009-12-27 22:54:55 +01004502 missing_data:
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004503 /* stop waiting for data if the input is closed before the end */
Willy Tarreau79ebac62010-06-07 13:47:49 +02004504 if (req->flags & BF_SHUTR) {
4505 if (!(s->flags & SN_ERR_MASK))
4506 s->flags |= SN_ERR_CLICL;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004507 if (!(s->flags & SN_FINST_MASK)) {
4508 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4509 s->flags |= SN_FINST_H;
4510 else
4511 s->flags |= SN_FINST_D;
4512 }
4513
4514 s->fe->counters.cli_aborts++;
4515 if (s->fe != s->be)
4516 s->be->counters.cli_aborts++;
4517 if (s->srv)
4518 s->srv->counters.cli_aborts++;
4519
4520 goto return_bad_req_stats_ok;
Willy Tarreau79ebac62010-06-07 13:47:49 +02004521 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004522
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004523 /* waiting for the last bits to leave the buffer */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004524 if (req->flags & BF_SHUTW)
4525 goto aborted_xfer;
Willy Tarreau610ecce2010-01-04 21:15:02 +01004526
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02004527 /* When TE: chunked is used, we need to get there again to parse remaining
4528 * chunks even if the client has closed, so we don't want to set BF_DONTCLOSE.
4529 */
4530 if (txn->flags & TX_REQ_TE_CHNK)
4531 buffer_dont_close(req);
4532
Willy Tarreau610ecce2010-01-04 21:15:02 +01004533 http_silent_debug(__LINE__, s);
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01004534 return 0;
4535
Willy Tarreaud98cf932009-12-27 22:54:55 +01004536 return_bad_req: /* let's centralize all bad requests */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004537 s->fe->counters.failed_req++;
4538 if (s->listener->counters)
4539 s->listener->counters->failed_req++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004540 return_bad_req_stats_ok:
4541 txn->req.msg_state = HTTP_MSG_ERROR;
4542 if (txn->status) {
4543 /* Note: we don't send any error if some data were already sent */
4544 stream_int_retnclose(req->prod, NULL);
4545 } else {
4546 txn->status = 400;
4547 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_400));
4548 }
4549 req->analysers = 0;
4550 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
Willy Tarreaud98cf932009-12-27 22:54:55 +01004551
4552 if (!(s->flags & SN_ERR_MASK))
4553 s->flags |= SN_ERR_PRXCOND;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01004554 if (!(s->flags & SN_FINST_MASK)) {
4555 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4556 s->flags |= SN_FINST_H;
4557 else
4558 s->flags |= SN_FINST_D;
4559 }
4560 return 0;
4561
4562 aborted_xfer:
4563 txn->req.msg_state = HTTP_MSG_ERROR;
4564 if (txn->status) {
4565 /* Note: we don't send any error if some data were already sent */
4566 stream_int_retnclose(req->prod, NULL);
4567 } else {
4568 txn->status = 502;
4569 stream_int_retnclose(req->prod, error_message(s, HTTP_ERR_502));
4570 }
4571 req->analysers = 0;
4572 s->rep->analysers = 0; /* we're in data phase, we want to abort both directions */
4573
4574 s->fe->counters.srv_aborts++;
4575 if (s->fe != s->be)
4576 s->be->counters.srv_aborts++;
4577 if (s->srv)
4578 s->srv->counters.srv_aborts++;
4579
4580 if (!(s->flags & SN_ERR_MASK))
4581 s->flags |= SN_ERR_SRVCL;
4582 if (!(s->flags & SN_FINST_MASK)) {
4583 if (txn->rsp.msg_state < HTTP_MSG_ERROR)
4584 s->flags |= SN_FINST_H;
4585 else
4586 s->flags |= SN_FINST_D;
4587 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01004588 return 0;
4589}
4590
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004591/* This stream analyser waits for a complete HTTP response. It returns 1 if the
4592 * processing can continue on next analysers, or zero if it either needs more
4593 * data or wants to immediately abort the response (eg: timeout, error, ...). It
4594 * is tied to AN_RES_WAIT_HTTP and may may remove itself from s->rep->analysers
4595 * when it has nothing left to do, and may remove any analyser when it wants to
4596 * abort.
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004597 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004598int http_wait_for_response(struct session *s, struct buffer *rep, int an_bit)
Willy Tarreauc65a3ba2008-08-11 23:42:50 +02004599{
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004600 struct http_txn *txn = &s->txn;
4601 struct http_msg *msg = &txn->rsp;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004602 struct hdr_ctx ctx;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004603 int use_close_only;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004604 int cur_idx;
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004605 int n;
Willy Tarreauadfb8562008-08-11 15:24:42 +02004606
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02004607 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
Willy Tarreaufa7e1022008-10-19 07:30:41 +02004608 now_ms, __FUNCTION__,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004609 s,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02004610 rep,
4611 rep->rex, rep->wex,
4612 rep->flags,
4613 rep->l,
4614 rep->analysers);
Willy Tarreau67f0eea2008-08-10 22:55:22 +02004615
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004616 /*
4617 * Now parse the partial (or complete) lines.
4618 * We will check the response syntax, and also join multi-line
4619 * headers. An index of all the lines will be elaborated while
4620 * parsing.
4621 *
4622 * For the parsing, we use a 28 states FSM.
4623 *
4624 * Here is the information we currently have :
Willy Tarreau83e3af02009-12-28 17:39:57 +01004625 * rep->data + msg->som = beginning of response
4626 * rep->data + msg->eoh = end of processed headers / start of current one
4627 * msg->eol = end of current header or line (LF or CRLF)
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004628 * rep->lr = first non-visited byte
4629 * rep->r = end of data
Willy Tarreau962c3f42010-01-10 00:15:35 +01004630 * Once we reach MSG_BODY, rep->sol = rep->data + msg->som
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004631 */
4632
Willy Tarreau83e3af02009-12-28 17:39:57 +01004633 /* There's a protected area at the end of the buffer for rewriting
4634 * purposes. We don't want to start to parse the request if the
4635 * protected area is affected, because we may have to move processed
4636 * data later, which is much more complicated.
4637 */
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01004638 if (rep->l && msg->msg_state < HTTP_MSG_ERROR) {
4639 if (unlikely((rep->flags & BF_FULL) ||
4640 rep->r < rep->lr ||
4641 rep->r > rep->data + rep->size - global.tune.maxrewrite)) {
4642 if (rep->send_max) {
4643 /* some data has still not left the buffer, wake us once that's done */
Willy Tarreau64648412010-03-05 10:41:54 +01004644 if (rep->flags & (BF_SHUTW|BF_SHUTW_NOW|BF_WRITE_ERROR|BF_WRITE_TIMEOUT))
4645 goto abort_response;
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01004646 buffer_dont_close(rep);
4647 rep->flags |= BF_READ_DONTWAIT; /* try to get back here ASAP */
4648 return 0;
4649 }
4650 if (rep->l <= rep->size - global.tune.maxrewrite)
4651 http_buffer_heavy_realign(rep, msg);
Willy Tarreau83e3af02009-12-28 17:39:57 +01004652 }
4653
Willy Tarreau2ab6eb12010-01-02 22:04:45 +01004654 if (likely(rep->lr < rep->r))
4655 http_msg_analyzer(rep, msg, &txn->hdr_idx);
Willy Tarreau83e3af02009-12-28 17:39:57 +01004656 }
4657
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004658 /* 1: we might have to print this header in debug mode */
4659 if (unlikely((global.mode & MODE_DEBUG) &&
4660 (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) &&
Willy Tarreauc3bfeeb2010-04-16 09:14:45 +02004661 msg->sol &&
Willy Tarreau655dce92009-11-08 13:10:58 +01004662 (msg->msg_state >= HTTP_MSG_BODY || msg->msg_state == HTTP_MSG_ERROR))) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004663 char *eol, *sol;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004664
Willy Tarreau663308b2010-06-07 14:06:08 +02004665 sol = rep->data + msg->som;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02004666 eol = sol + msg->sl.st.l;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004667 debug_hdr("srvrep", s, sol, eol);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004668
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004669 sol += hdr_idx_first_pos(&txn->hdr_idx);
4670 cur_idx = hdr_idx_first_idx(&txn->hdr_idx);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004671
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004672 while (cur_idx) {
4673 eol = sol + txn->hdr_idx.v[cur_idx].len;
4674 debug_hdr("srvhdr", s, sol, eol);
4675 sol = eol + txn->hdr_idx.v[cur_idx].cr + 1;
4676 cur_idx = txn->hdr_idx.v[cur_idx].next;
4677 }
4678 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004679
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004680 /*
4681 * Now we quickly check if we have found a full valid response.
4682 * If not so, we check the FD and buffer states before leaving.
4683 * A full response is indicated by the fact that we have seen
Willy Tarreau655dce92009-11-08 13:10:58 +01004684 * the double LF/CRLF, so the state is >= HTTP_MSG_BODY. Invalid
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004685 * responses are checked first.
4686 *
4687 * Depending on whether the client is still there or not, we
4688 * may send an error response back or not. Note that normally
4689 * we should only check for HTTP status there, and check I/O
4690 * errors somewhere else.
4691 */
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004692
Willy Tarreau655dce92009-11-08 13:10:58 +01004693 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004694 /* Invalid response */
4695 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
4696 /* we detected a parsing error. We want to archive this response
4697 * in the dedicated proxy area for later troubleshooting.
4698 */
4699 hdr_response_bad:
4700 if (msg->msg_state == HTTP_MSG_ERROR || msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01004701 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004702
4703 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004704 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004705 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004706 health_adjust(s->srv, HANA_STATUS_HTTP_HDRRSP);
4707 }
Willy Tarreau64648412010-03-05 10:41:54 +01004708 abort_response:
Willy Tarreau90deb182010-01-07 00:20:41 +01004709 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004710 rep->analysers = 0;
4711 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004712 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau0b89fbb2010-02-02 09:57:24 +01004713 buffer_ignore(rep, rep->l - rep->send_max);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004714 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
4715
4716 if (!(s->flags & SN_ERR_MASK))
4717 s->flags |= SN_ERR_PRXCOND;
4718 if (!(s->flags & SN_FINST_MASK))
4719 s->flags |= SN_FINST_H;
4720
4721 return 0;
Willy Tarreaubaaee002006-06-26 02:48:02 +02004722 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004723
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004724 /* too large response does not fit in buffer. */
4725 else if (rep->flags & BF_FULL) {
4726 goto hdr_response_bad;
4727 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004728
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004729 /* read error */
4730 else if (rep->flags & BF_READ_ERROR) {
4731 if (msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01004732 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Willy Tarreau4076a152009-04-02 15:18:36 +02004733
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004734 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004735 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004736 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004737 health_adjust(s->srv, HANA_STATUS_HTTP_READ_ERROR);
4738 }
Willy Tarreau461f6622008-08-15 23:43:19 +02004739
Willy Tarreau90deb182010-01-07 00:20:41 +01004740 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004741 rep->analysers = 0;
4742 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004743 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau0b89fbb2010-02-02 09:57:24 +01004744 buffer_ignore(rep, rep->l - rep->send_max);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004745 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
Willy Tarreau816b9792009-09-15 21:25:21 +02004746
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004747 if (!(s->flags & SN_ERR_MASK))
4748 s->flags |= SN_ERR_SRVCL;
4749 if (!(s->flags & SN_FINST_MASK))
4750 s->flags |= SN_FINST_H;
Willy Tarreaucebf57e2008-08-15 18:16:37 +02004751 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004752 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02004753
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004754 /* read timeout : return a 504 to the client. */
4755 else if (rep->flags & BF_READ_TIMEOUT) {
4756 if (msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01004757 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01004758
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004759 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004760 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004761 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004762 health_adjust(s->srv, HANA_STATUS_HTTP_READ_TIMEOUT);
4763 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004764
Willy Tarreau90deb182010-01-07 00:20:41 +01004765 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004766 rep->analysers = 0;
4767 txn->status = 504;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004768 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau0b89fbb2010-02-02 09:57:24 +01004769 buffer_ignore(rep, rep->l - rep->send_max);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004770 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_504));
Willy Tarreau4076a152009-04-02 15:18:36 +02004771
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004772 if (!(s->flags & SN_ERR_MASK))
4773 s->flags |= SN_ERR_SRVTO;
4774 if (!(s->flags & SN_FINST_MASK))
4775 s->flags |= SN_FINST_H;
4776 return 0;
4777 }
Willy Tarreaua7c52762008-08-16 18:40:18 +02004778
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004779 /* close from server */
4780 else if (rep->flags & BF_SHUTR) {
4781 if (msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01004782 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Willy Tarreau21d2af32008-02-14 20:25:24 +01004783
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004784 s->be->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004785 if (s->srv) {
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004786 s->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004787 health_adjust(s->srv, HANA_STATUS_HTTP_BROKEN_PIPE);
4788 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004789
Willy Tarreau90deb182010-01-07 00:20:41 +01004790 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004791 rep->analysers = 0;
4792 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01004793 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau0b89fbb2010-02-02 09:57:24 +01004794 buffer_ignore(rep, rep->l - rep->send_max);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004795 stream_int_retnclose(rep->cons, error_message(s, HTTP_ERR_502));
Willy Tarreau21d2af32008-02-14 20:25:24 +01004796
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004797 if (!(s->flags & SN_ERR_MASK))
4798 s->flags |= SN_ERR_SRVCL;
4799 if (!(s->flags & SN_FINST_MASK))
4800 s->flags |= SN_FINST_H;
4801 return 0;
4802 }
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004803
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004804 /* write error to client (we don't send any message then) */
4805 else if (rep->flags & BF_WRITE_ERROR) {
4806 if (msg->err_pos >= 0)
Willy Tarreau078272e2010-12-12 12:46:33 +01004807 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Krzysztof Piotr Oledzki5fb18822009-10-13 21:14:09 +02004808
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004809 s->be->counters.failed_resp++;
4810 rep->analysers = 0;
Willy Tarreau90deb182010-01-07 00:20:41 +01004811 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004812
4813 if (!(s->flags & SN_ERR_MASK))
4814 s->flags |= SN_ERR_CLICL;
4815 if (!(s->flags & SN_FINST_MASK))
4816 s->flags |= SN_FINST_H;
4817
4818 /* process_session() will take care of the error */
4819 return 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004820 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01004821
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004822 buffer_dont_close(rep);
4823 return 0;
4824 }
4825
4826 /* More interesting part now : we know that we have a complete
4827 * response which at least looks like HTTP. We have an indicator
4828 * of each header's length, so we can parse them quickly.
4829 */
4830
4831 if (unlikely(msg->err_pos >= 0))
Willy Tarreau078272e2010-12-12 12:46:33 +01004832 http_capture_bad_message(&s->be->invalid_rep, s, rep, msg, msg->msg_state, s->fe);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004833
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004834 /*
4835 * 1: get the status code
4836 */
Willy Tarreau962c3f42010-01-10 00:15:35 +01004837 n = msg->sol[msg->sl.st.c] - '0';
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004838 if (n < 1 || n > 5)
4839 n = 0;
Willy Tarreauda7ff642010-06-23 11:44:09 +02004840 /* when the client triggers a 4xx from the server, it's most often due
4841 * to a missing object or permission. These events should be tracked
4842 * because if they happen often, it may indicate a brute force or a
4843 * vulnerability scan.
4844 */
4845 if (n == 4)
4846 session_inc_http_err_ctr(s);
4847
Willy Tarreaud45b3d52010-05-20 11:49:03 +02004848 if (s->srv)
4849 s->srv->counters.p.http.rsp[n]++;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004850
Willy Tarreau5b154472009-12-21 20:11:07 +01004851 /* check if the response is HTTP/1.1 or above */
4852 if ((msg->sl.st.v_l == 8) &&
Willy Tarreau962c3f42010-01-10 00:15:35 +01004853 ((msg->sol[5] > '1') ||
4854 ((msg->sol[5] == '1') &&
4855 (msg->sol[7] >= '1'))))
Willy Tarreau5b154472009-12-21 20:11:07 +01004856 txn->flags |= TX_RES_VER_11;
4857
4858 /* "connection" has not been parsed yet */
Willy Tarreau60466522010-01-18 19:08:45 +01004859 txn->flags &= ~(TX_HDR_CONN_PRS|TX_HDR_CONN_CLO|TX_HDR_CONN_KAL|TX_CON_CLO_SET|TX_CON_KAL_SET);
Willy Tarreau5b154472009-12-21 20:11:07 +01004860
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004861 /* transfer length unknown*/
4862 txn->flags &= ~TX_RES_XFER_LEN;
4863
Willy Tarreau962c3f42010-01-10 00:15:35 +01004864 txn->status = strl2ui(msg->sol + msg->sl.st.c, msg->sl.st.c_l);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004865
Willy Tarreau39650402010-03-15 19:44:39 +01004866 /* Adjust server's health based on status code. Note: status codes 501
4867 * and 505 are triggered on demand by client request, so we must not
4868 * count them as server failures.
4869 */
Willy Tarreaud45b3d52010-05-20 11:49:03 +02004870 if (s->srv) {
4871 if (txn->status >= 100 && (txn->status < 500 || txn->status == 501 || txn->status == 505))
4872 health_adjust(s->srv, HANA_STATUS_HTTP_OK);
4873 else
4874 health_adjust(s->srv, HANA_STATUS_HTTP_STS);
4875 }
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01004876
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004877 /*
4878 * 2: check for cacheability.
4879 */
4880
4881 switch (txn->status) {
4882 case 200:
4883 case 203:
4884 case 206:
4885 case 300:
4886 case 301:
4887 case 410:
4888 /* RFC2616 @13.4:
4889 * "A response received with a status code of
4890 * 200, 203, 206, 300, 301 or 410 MAY be stored
4891 * by a cache (...) unless a cache-control
4892 * directive prohibits caching."
4893 *
4894 * RFC2616 @9.5: POST method :
4895 * "Responses to this method are not cacheable,
4896 * unless the response includes appropriate
4897 * Cache-Control or Expires header fields."
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004898 */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004899 if (likely(txn->meth != HTTP_METH_POST) &&
4900 (s->be->options & (PR_O_CHK_CACHE|PR_O_COOK_NOC)))
4901 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
4902 break;
4903 default:
4904 break;
4905 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02004906
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004907 /*
4908 * 3: we may need to capture headers
4909 */
4910 s->logs.logwait &= ~LW_RESP;
4911 if (unlikely((s->logs.logwait & LW_RSPHDR) && s->fe->rsp_cap))
Willy Tarreau962c3f42010-01-10 00:15:35 +01004912 capture_headers(msg->sol, &txn->hdr_idx,
Willy Tarreaub37c27e2009-10-18 22:53:08 +02004913 txn->rsp.cap, s->fe->rsp_cap);
4914
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004915 /* 4: determine the transfer-length.
4916 * According to RFC2616 #4.4, amended by the HTTPbis working group,
4917 * the presence of a message-body in a RESPONSE and its transfer length
4918 * must be determined that way :
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004919 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004920 * All responses to the HEAD request method MUST NOT include a
4921 * message-body, even though the presence of entity-header fields
4922 * might lead one to believe they do. All 1xx (informational), 204
4923 * (No Content), and 304 (Not Modified) responses MUST NOT include a
4924 * message-body. All other responses do include a message-body,
4925 * although it MAY be of zero length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004926 *
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004927 * 1. Any response which "MUST NOT" include a message-body (such as the
4928 * 1xx, 204 and 304 responses and any response to a HEAD request) is
4929 * always terminated by the first empty line after the header fields,
4930 * regardless of the entity-header fields present in the message.
4931 *
4932 * 2. If a Transfer-Encoding header field (Section 9.7) is present and
4933 * the "chunked" transfer-coding (Section 6.2) is used, the
4934 * transfer-length is defined by the use of this transfer-coding.
4935 * If a Transfer-Encoding header field is present and the "chunked"
4936 * transfer-coding is not present, the transfer-length is defined by
4937 * the sender closing the connection.
4938 *
4939 * 3. If a Content-Length header field is present, its decimal value in
4940 * OCTETs represents both the entity-length and the transfer-length.
4941 * If a message is received with both a Transfer-Encoding header
4942 * field and a Content-Length header field, the latter MUST be ignored.
4943 *
4944 * 4. If the message uses the media type "multipart/byteranges", and
4945 * the transfer-length is not otherwise specified, then this self-
4946 * delimiting media type defines the transfer-length. This media
4947 * type MUST NOT be used unless the sender knows that the recipient
4948 * can parse it; the presence in a request of a Range header with
4949 * multiple byte-range specifiers from a 1.1 client implies that the
4950 * client can parse multipart/byteranges responses.
4951 *
4952 * 5. By the server closing the connection.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004953 */
4954
4955 /* Skip parsing if no content length is possible. The response flags
Willy Tarreau124d9912011-03-01 20:30:48 +01004956 * remain 0 as well as the chunk_len, which may or may not mirror
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004957 * the real header value, and we note that we know the response's length.
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004958 * FIXME: should we parse anyway and return an error on chunked encoding ?
4959 */
4960 if (txn->meth == HTTP_METH_HEAD ||
4961 (txn->status >= 100 && txn->status < 200) ||
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004962 txn->status == 204 || txn->status == 304) {
4963 txn->flags |= TX_RES_XFER_LEN;
4964 goto skip_content_length;
4965 }
4966
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004967 use_close_only = 0;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004968 ctx.idx = 0;
Willy Tarreau9e13c3c2009-12-22 09:59:58 +01004969 while ((txn->flags & TX_RES_VER_11) &&
4970 http_find_header2("Transfer-Encoding", 17, msg->sol, &txn->hdr_idx, &ctx)) {
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004971 if (ctx.vlen == 7 && strncasecmp(ctx.line + ctx.val, "chunked", 7) == 0)
4972 txn->flags |= (TX_RES_TE_CHNK | TX_RES_XFER_LEN);
4973 else if (txn->flags & TX_RES_TE_CHNK) {
4974 /* bad transfer-encoding (chunked followed by something else) */
4975 use_close_only = 1;
4976 txn->flags &= ~(TX_RES_TE_CHNK | TX_RES_XFER_LEN);
4977 break;
4978 }
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004979 }
4980
4981 /* FIXME: below we should remove the content-length header(s) in case of chunked encoding */
4982 ctx.idx = 0;
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004983 while (!(txn->flags & TX_RES_TE_CHNK) && !use_close_only &&
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004984 http_find_header2("Content-Length", 14, msg->sol, &txn->hdr_idx, &ctx)) {
4985 signed long long cl;
4986
4987 if (!ctx.vlen)
4988 goto hdr_response_bad;
4989
4990 if (strl2llrc(ctx.line + ctx.val, ctx.vlen, &cl))
4991 goto hdr_response_bad; /* parse failure */
4992
4993 if (cl < 0)
4994 goto hdr_response_bad;
4995
Willy Tarreau124d9912011-03-01 20:30:48 +01004996 if ((txn->flags & TX_RES_CNT_LEN) && (msg->chunk_len != cl))
Willy Tarreaub8c82c22009-10-18 23:45:12 +02004997 goto hdr_response_bad; /* already specified, was different */
4998
Willy Tarreaue8e785b2009-12-26 15:34:26 +01004999 txn->flags |= TX_RES_CNT_LEN | TX_RES_XFER_LEN;
Willy Tarreau124d9912011-03-01 20:30:48 +01005000 msg->body_len = msg->chunk_len = cl;
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005001 }
5002
Willy Tarreaue8e785b2009-12-26 15:34:26 +01005003 /* FIXME: we should also implement the multipart/byterange method.
5004 * For now on, we resort to close mode in this case (unknown length).
5005 */
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005006skip_content_length:
Willy Tarreaub8c82c22009-10-18 23:45:12 +02005007
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005008 /* end of job, return OK */
5009 rep->analysers &= ~an_bit;
5010 rep->analyse_exp = TICK_ETERNITY;
Willy Tarreau90deb182010-01-07 00:20:41 +01005011 buffer_auto_close(rep);
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005012 return 1;
5013}
5014
5015/* This function performs all the processing enabled for the current response.
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005016 * It normally returns 1 unless it wants to break. It relies on buffers flags,
5017 * and updates t->rep->analysers. It might make sense to explode it into several
5018 * other functions. It works like process_request (see indications above).
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005019 */
5020int http_process_res_common(struct session *t, struct buffer *rep, int an_bit, struct proxy *px)
5021{
5022 struct http_txn *txn = &t->txn;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005023 struct http_msg *msg = &txn->rsp;
5024 struct proxy *cur_proxy;
Willy Tarreauf4f04122010-01-28 18:10:50 +01005025 struct cond_wordlist *wl;
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005026
5027 DPRINTF(stderr,"[%u] %s: session=%p b=%p, exp(r,w)=%u,%u bf=%08x bl=%d analysers=%02x\n",
5028 now_ms, __FUNCTION__,
5029 t,
5030 rep,
5031 rep->rex, rep->wex,
5032 rep->flags,
5033 rep->l,
5034 rep->analysers);
5035
Willy Tarreau655dce92009-11-08 13:10:58 +01005036 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) /* we need more data */
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005037 return 0;
5038
5039 rep->analysers &= ~an_bit;
5040 rep->analyse_exp = TICK_ETERNITY;
5041
Willy Tarreau5b154472009-12-21 20:11:07 +01005042 /* Now we have to check if we need to modify the Connection header.
5043 * This is more difficult on the response than it is on the request,
5044 * because we can have two different HTTP versions and we don't know
5045 * how the client will interprete a response. For instance, let's say
5046 * that the client sends a keep-alive request in HTTP/1.0 and gets an
5047 * HTTP/1.1 response without any header. Maybe it will bound itself to
5048 * HTTP/1.0 because it only knows about it, and will consider the lack
5049 * of header as a close, or maybe it knows HTTP/1.1 and can consider
5050 * the lack of header as a keep-alive. Thus we will use two flags
5051 * indicating how a request MAY be understood by the client. In case
5052 * of multiple possibilities, we'll fix the header to be explicit. If
5053 * ambiguous cases such as both close and keepalive are seen, then we
5054 * will fall back to explicit close. Note that we won't take risks with
5055 * HTTP/1.0 clients which may not necessarily understand keep-alive.
Willy Tarreau60466522010-01-18 19:08:45 +01005056 * See doc/internals/connection-header.txt for the complete matrix.
Willy Tarreau5b154472009-12-21 20:11:07 +01005057 */
5058
Willy Tarreaudc008c52010-02-01 16:20:08 +01005059 if (unlikely((txn->meth == HTTP_METH_CONNECT && txn->status == 200) ||
5060 txn->status == 101)) {
5061 /* Either we've established an explicit tunnel, or we're
5062 * switching the protocol. In both cases, we're very unlikely
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005063 * to understand the next protocols. We have to switch to tunnel
5064 * mode, so that we transfer the request and responses then let
5065 * this protocol pass unmodified. When we later implement specific
5066 * parsers for such protocols, we'll want to check the Upgrade
Willy Tarreaudc008c52010-02-01 16:20:08 +01005067 * header which contains information about that protocol for
5068 * responses with status 101 (eg: see RFC2817 about TLS).
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005069 */
5070 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_TUN;
5071 }
Willy Tarreaudc008c52010-02-01 16:20:08 +01005072 else if ((txn->status >= 200) && !(txn->flags & TX_HDR_CONN_PRS) &&
5073 ((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN ||
5074 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE))) {
Willy Tarreau60466522010-01-18 19:08:45 +01005075 int to_del = 0;
Willy Tarreau5b154472009-12-21 20:11:07 +01005076
Willy Tarreau60466522010-01-18 19:08:45 +01005077 /* on unknown transfer length, we must close */
5078 if (!(txn->flags & TX_RES_XFER_LEN) &&
5079 (txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN)
5080 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_CLO;
Willy Tarreau5b154472009-12-21 20:11:07 +01005081
Willy Tarreau60466522010-01-18 19:08:45 +01005082 /* now adjust header transformations depending on current state */
5083 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN ||
5084 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_CLO) {
5085 to_del |= 2; /* remove "keep-alive" on any response */
5086 if (!(txn->flags & TX_RES_VER_11))
5087 to_del |= 1; /* remove "close" for HTTP/1.0 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005088 }
Willy Tarreau60466522010-01-18 19:08:45 +01005089 else { /* SCL / KAL */
5090 to_del |= 1; /* remove "close" on any response */
5091 if ((txn->flags & (TX_RES_VER_11|TX_REQ_VER_11)) == (TX_RES_VER_11|TX_REQ_VER_11))
5092 to_del |= 2; /* remove "keep-alive" on pure 1.1 responses */
Willy Tarreau5b154472009-12-21 20:11:07 +01005093 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005094
Willy Tarreau60466522010-01-18 19:08:45 +01005095 /* Parse and remove some headers from the connection header */
5096 http_parse_connection_header(txn, msg, rep, to_del);
Willy Tarreau5b154472009-12-21 20:11:07 +01005097
Willy Tarreau60466522010-01-18 19:08:45 +01005098 /* Some keep-alive responses are converted to Server-close if
5099 * the server wants to close.
Willy Tarreau5b154472009-12-21 20:11:07 +01005100 */
Willy Tarreau60466522010-01-18 19:08:45 +01005101 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL) {
5102 if ((txn->flags & TX_HDR_CONN_CLO) ||
5103 (txn->flags & (TX_HDR_CONN_KAL|TX_RES_VER_11)) == 0)
5104 txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | TX_CON_WANT_SCL;
Willy Tarreaub608feb2010-01-02 22:47:18 +01005105 }
Willy Tarreau5b154472009-12-21 20:11:07 +01005106 }
5107
Willy Tarreaub37c27e2009-10-18 22:53:08 +02005108 if (1) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005109 /*
5110 * 3: we will have to evaluate the filters.
5111 * As opposed to version 1.2, now they will be evaluated in the
5112 * filters order and not in the header order. This means that
5113 * each filter has to be validated among all headers.
5114 *
5115 * Filters are tried with ->be first, then with ->fe if it is
5116 * different from ->be.
5117 */
5118
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005119 cur_proxy = t->be;
5120 while (1) {
5121 struct proxy *rule_set = cur_proxy;
5122
5123 /* try headers filters */
5124 if (rule_set->rsp_exp != NULL) {
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005125 if (apply_filters_to_response(t, rep, rule_set) < 0) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005126 return_bad_resp:
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005127 if (t->srv) {
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005128 t->srv->counters.failed_resp++;
Krzysztof Piotr Oledzki97f07b82009-12-15 22:31:24 +01005129 health_adjust(t->srv, HANA_STATUS_HTTP_RSP);
5130 }
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005131 cur_proxy->counters.failed_resp++;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005132 return_srv_prx_502:
Willy Tarreau2df28e82008-08-17 15:20:19 +02005133 rep->analysers = 0;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005134 txn->status = 502;
Willy Tarreauc88ea682009-12-29 14:56:36 +01005135 rep->prod->flags |= SI_FL_NOLINGER;
Willy Tarreau0b89fbb2010-02-02 09:57:24 +01005136 buffer_ignore(rep, rep->l - rep->send_max);
Willy Tarreau8e89b842009-10-18 23:56:35 +02005137 stream_int_retnclose(rep->cons, error_message(t, HTTP_ERR_502));
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005138 if (!(t->flags & SN_ERR_MASK))
5139 t->flags |= SN_ERR_PRXCOND;
5140 if (!(t->flags & SN_FINST_MASK))
5141 t->flags |= SN_FINST_H;
Willy Tarreaudafde432008-08-17 01:00:46 +02005142 return 0;
Willy Tarreau21d2af32008-02-14 20:25:24 +01005143 }
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005144 }
Willy Tarreau21d2af32008-02-14 20:25:24 +01005145
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005146 /* has the response been denied ? */
5147 if (txn->flags & TX_SVDENY) {
Willy Tarreau8365f932009-03-15 23:11:49 +01005148 if (t->srv)
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005149 t->srv->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005150
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005151 cur_proxy->counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005152 if (t->listener->counters)
5153 t->listener->counters->denied_resp++;
5154
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005155 goto return_srv_prx_502;
Willy Tarreau51406232008-03-10 22:04:20 +01005156 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005157
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005158 /* add response headers from the rule sets in the same order */
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01005159 list_for_each_entry(wl, &rule_set->rsp_add, list) {
Willy Tarreau816b9792009-09-15 21:25:21 +02005160 if (txn->status < 200)
5161 break;
Willy Tarreaufdb563c2010-01-31 15:43:27 +01005162 if (wl->cond) {
5163 int ret = acl_exec_cond(wl->cond, px, t, txn, ACL_DIR_RTR);
5164 ret = acl_pass(ret);
5165 if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
5166 ret = !ret;
5167 if (!ret)
5168 continue;
5169 }
Willy Tarreaudeb9ed82010-01-03 21:03:22 +01005170 if (unlikely(http_header_add_tail(rep, &txn->rsp, &txn->hdr_idx, wl->s) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005171 goto return_bad_resp;
Willy Tarreau0bbc3cf2006-10-15 14:26:02 +02005172 }
5173
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005174 /* check whether we're already working on the frontend */
5175 if (cur_proxy == t->fe)
5176 break;
5177 cur_proxy = t->fe;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005178 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005179
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005180 /*
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005181 * We may be facing a 100-continue response, in which case this
5182 * is not the right response, and we're waiting for the next one.
5183 * Let's allow this response to go to the client and wait for the
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005184 * next one.
5185 */
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005186 if (unlikely(txn->status == 100)) {
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005187 hdr_idx_init(&txn->hdr_idx);
Willy Tarreau962c3f42010-01-10 00:15:35 +01005188 buffer_forward(rep, rep->lr - msg->sol);
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005189 msg->msg_state = HTTP_MSG_RPBEFORE;
5190 txn->status = 0;
5191 rep->analysers |= AN_RES_WAIT_HTTP | an_bit;
5192 return 1;
5193 }
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005194 else if (unlikely(txn->status < 200))
5195 goto skip_header_mangling;
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005196
5197 /* we don't have any 1xx status code now */
5198
5199 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005200 * 4: check for server cookie.
5201 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005202 if (t->be->cookie_name || t->be->appsession_name || t->fe->capture_name ||
5203 (t->be->options & PR_O_CHK_CACHE))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005204 manage_server_side_cookies(t, rep);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005205
Willy Tarreaubaaee002006-06-26 02:48:02 +02005206
Willy Tarreaua15645d2007-03-18 16:22:39 +01005207 /*
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005208 * 5: check for cache-control or pragma headers if required.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005209 */
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005210 if ((t->be->options & (PR_O_COOK_NOC | PR_O_CHK_CACHE)) != 0)
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005211 check_response_for_cacheability(t, rep);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005212
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005213 /*
5214 * 6: add server cookie in the response if needed
5215 */
Willy Tarreauef4f3912010-10-07 21:00:29 +02005216 if ((t->srv) && (t->be->options & PR_O_COOK_INS) &&
Willy Tarreauba4c5be2010-10-23 12:46:42 +02005217 !((txn->flags & TX_SCK_FOUND) && (t->be->options2 & PR_O2_COOK_PSV)) &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02005218 (!(t->flags & SN_DIRECT) ||
5219 ((t->be->cookie_maxidle || txn->cookie_last_date) &&
5220 (!txn->cookie_last_date || (txn->cookie_last_date - date.tv_sec) < 0)) ||
5221 (t->be->cookie_maxlife && !txn->cookie_first_date) || // set the first_date
5222 (!t->be->cookie_maxlife && txn->cookie_first_date)) && // remove the first_date
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02005223 (!(t->be->options & PR_O_COOK_POST) || (txn->meth == HTTP_METH_POST)) &&
5224 !(t->flags & SN_IGNORE_PRST)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005225 int len;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005226 /* the server is known, it's not the one the client requested, or the
5227 * cookie's last seen date needs to be refreshed. We have to
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005228 * insert a set-cookie here, except if we want to insert only on POST
5229 * requests and this one isn't. Note that servers which don't have cookies
5230 * (eg: some backup servers) will return a full cookie removal request.
5231 */
Willy Tarreauef4f3912010-10-07 21:00:29 +02005232 if (!t->srv->cookie) {
5233 len = sprintf(trash,
5234 "Set-Cookie: %s=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/",
5235 t->be->cookie_name);
5236 }
5237 else {
5238 len = sprintf(trash, "Set-Cookie: %s=%s", t->be->cookie_name, t->srv->cookie);
5239
5240 if (t->be->cookie_maxidle || t->be->cookie_maxlife) {
5241 /* emit last_date, which is mandatory */
5242 trash[len++] = COOKIE_DELIM_DATE;
5243 s30tob64((date.tv_sec+3) >> 2, trash + len); len += 5;
5244 if (t->be->cookie_maxlife) {
5245 /* emit first_date, which is either the original one or
5246 * the current date.
5247 */
5248 trash[len++] = COOKIE_DELIM_DATE;
5249 s30tob64(txn->cookie_first_date ?
5250 txn->cookie_first_date >> 2 :
5251 (date.tv_sec+3) >> 2, trash + len);
5252 len += 5;
5253 }
5254 }
5255 len += sprintf(trash + len, "; path=/");
5256 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005257
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005258 if (t->be->cookie_domain)
5259 len += sprintf(trash+len, "; domain=%s", t->be->cookie_domain);
Willy Tarreaubaaee002006-06-26 02:48:02 +02005260
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005261 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01005262 trash, len) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005263 goto return_bad_resp;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005264
Willy Tarreauf1348312010-10-07 15:54:11 +02005265 txn->flags &= ~TX_SCK_MASK;
Willy Tarreauef4f3912010-10-07 21:00:29 +02005266 if (t->srv->cookie && (t->flags & SN_DIRECT))
5267 /* the server did not change, only the date was updated */
5268 txn->flags |= TX_SCK_UPDATED;
5269 else
5270 txn->flags |= TX_SCK_INSERTED;
Willy Tarreaubaaee002006-06-26 02:48:02 +02005271
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005272 /* Here, we will tell an eventual cache on the client side that we don't
5273 * want it to cache this reply because HTTP/1.0 caches also cache cookies !
5274 * Some caches understand the correct form: 'no-cache="set-cookie"', but
5275 * others don't (eg: apache <= 1.3.26). So we use 'private' instead.
5276 */
5277 if ((t->be->options & PR_O_COOK_NOC) && (txn->flags & TX_CACHEABLE)) {
Willy Tarreaubaaee002006-06-26 02:48:02 +02005278
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005279 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
5280
5281 if (unlikely(http_header_add_tail2(rep, &txn->rsp, &txn->hdr_idx,
Willy Tarreau58cc8722009-12-28 06:57:33 +01005282 "Cache-control: private", 22) < 0))
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005283 goto return_bad_resp;
Willy Tarreaua15645d2007-03-18 16:22:39 +01005284 }
5285 }
Willy Tarreaubaaee002006-06-26 02:48:02 +02005286
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005287 /*
5288 * 7: check if result will be cacheable with a cookie.
5289 * We'll block the response if security checks have caught
5290 * nasty things such as a cacheable cookie.
5291 */
Willy Tarreauf1348312010-10-07 15:54:11 +02005292 if (((txn->flags & (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) ==
5293 (TX_CACHEABLE | TX_CACHE_COOK | TX_SCK_PRESENT)) &&
Willy Tarreau63c9e5f2009-12-22 16:01:27 +01005294 (t->be->options & PR_O_CHK_CACHE)) {
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005295
5296 /* we're in presence of a cacheable response containing
5297 * a set-cookie header. We'll block it as requested by
5298 * the 'checkcache' option, and send an alert.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005299 */
Willy Tarreau8365f932009-03-15 23:11:49 +01005300 if (t->srv)
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005301 t->srv->counters.failed_secu++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005302
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005303 cur_proxy->counters.denied_resp++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005304 if (t->listener->counters)
5305 t->listener->counters->denied_resp++;
5306
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005307 Alert("Blocking cacheable cookie in response from instance %s, server %s.\n",
5308 t->be->id, t->srv?t->srv->id:"<dispatch>");
5309 send_log(t->be, LOG_ALERT,
5310 "Blocking cacheable cookie in response from instance %s, server %s.\n",
5311 t->be->id, t->srv?t->srv->id:"<dispatch>");
5312 goto return_srv_prx_502;
5313 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005314
5315 /*
Willy Tarreau60466522010-01-18 19:08:45 +01005316 * 8: adjust "Connection: close" or "Connection: keep-alive" if needed.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005317 */
Willy Tarreau60466522010-01-18 19:08:45 +01005318 if (((txn->flags & TX_CON_WANT_MSK) != TX_CON_WANT_TUN) ||
5319 ((t->fe->options|t->be->options) & PR_O_HTTP_CLOSE)) {
5320 unsigned int want_flags = 0;
5321
5322 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5323 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL) {
5324 /* we want a keep-alive response here. Keep-alive header
5325 * required if either side is not 1.1.
5326 */
5327 if ((txn->flags & (TX_REQ_VER_11|TX_RES_VER_11)) != (TX_REQ_VER_11|TX_RES_VER_11))
5328 want_flags |= TX_CON_KAL_SET;
5329 }
5330 else {
5331 /* we want a close response here. Close header required if
5332 * the server is 1.1, regardless of the client.
5333 */
5334 if (txn->flags & TX_RES_VER_11)
5335 want_flags |= TX_CON_CLO_SET;
5336 }
5337
5338 if (want_flags != (txn->flags & (TX_CON_CLO_SET|TX_CON_KAL_SET)))
5339 http_change_connection_header(txn, msg, rep, want_flags);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005340 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005341
Willy Tarreau5843d1a2010-02-01 15:13:32 +01005342 skip_header_mangling:
Willy Tarreaudc008c52010-02-01 16:20:08 +01005343 if ((txn->flags & TX_RES_XFER_LEN) ||
5344 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_TUN)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005345 rep->analysers |= AN_RES_HTTP_XFER_BODY;
Willy Tarreau03945942009-12-22 16:50:27 +01005346
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005347 /*************************************************************
5348 * OK, that's finished for the headers. We have done what we *
5349 * could. Let's switch to the DATA state. *
5350 ************************************************************/
Willy Tarreaubaaee002006-06-26 02:48:02 +02005351
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005352 t->logs.t_data = tv_ms_elapsed(&t->logs.tv_accept, &now);
Willy Tarreaua15645d2007-03-18 16:22:39 +01005353
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005354 /* if the user wants to log as soon as possible, without counting
5355 * bytes from the server, then this is the right moment. We have
5356 * to temporarily assign bytes_out to log what we currently have.
5357 */
5358 if (t->fe->to_log && !(t->logs.logwait & LW_BYTES)) {
5359 t->logs.t_close = t->logs.t_data; /* to get a valid end date */
5360 t->logs.bytes_out = txn->rsp.eoh;
Willy Tarreaua5555ec2008-11-30 19:02:32 +01005361 t->do_log(t);
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005362 t->logs.bytes_out = 0;
5363 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01005364
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005365 /* Note: we must not try to cheat by jumping directly to DATA,
5366 * otherwise we would not let the client side wake up.
5367 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01005368
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005369 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005370 }
Willy Tarreaue3fa6e52010-01-04 22:57:43 +01005371 return 1;
Willy Tarreauf5483bf2008-08-14 18:35:40 +02005372}
Willy Tarreaua15645d2007-03-18 16:22:39 +01005373
Willy Tarreaud98cf932009-12-27 22:54:55 +01005374/* This function is an analyser which forwards response body (including chunk
5375 * sizes if any). It is called as soon as we must forward, even if we forward
5376 * zero byte. The only situation where it must not be called is when we're in
5377 * tunnel mode and we want to forward till the close. It's used both to forward
5378 * remaining data and to resync after end of body. It expects the msg_state to
5379 * be between MSG_BODY and MSG_DONE (inclusive). It returns zero if it needs to
5380 * read more data, or 1 once we can go on with next request or end the session.
Willy Tarreau124d9912011-03-01 20:30:48 +01005381 * When in MSG_DATA or MSG_TRAILERS, it will automatically forward chunk_len
Willy Tarreaud98cf932009-12-27 22:54:55 +01005382 * bytes of pending data + the headers if not already done (between som and sov).
5383 * It eventually adjusts som to match sov after the data in between have been sent.
5384 */
5385int http_response_forward_body(struct session *s, struct buffer *res, int an_bit)
5386{
5387 struct http_txn *txn = &s->txn;
5388 struct http_msg *msg = &s->txn.rsp;
5389
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005390 if (unlikely(msg->msg_state < HTTP_MSG_BODY))
5391 return 0;
5392
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01005393 if ((res->flags & (BF_READ_ERROR|BF_READ_TIMEOUT|BF_WRITE_ERROR|BF_WRITE_TIMEOUT)) ||
Willy Tarreau2fa144c2010-01-04 23:13:26 +01005394 ((res->flags & BF_SHUTW) && (res->to_forward || res->send_max)) ||
Willy Tarreau6c2cbe12010-01-03 17:07:49 +01005395 !s->req->analysers) {
Willy Tarreau4fe41902010-06-07 22:27:41 +02005396 /* Output closed while we were sending data. We must abort and
5397 * wake the other side up.
5398 */
5399 msg->msg_state = HTTP_MSG_ERROR;
5400 http_resync_states(s);
Willy Tarreau082b01c2010-01-02 23:58:04 +01005401 return 1;
5402 }
5403
Willy Tarreau4fe41902010-06-07 22:27:41 +02005404 /* in most states, we should abort in case of early close */
5405 buffer_auto_close(res);
Willy Tarreaub608feb2010-01-02 22:47:18 +01005406
Willy Tarreaud98cf932009-12-27 22:54:55 +01005407 if (msg->msg_state < HTTP_MSG_CHUNK_SIZE) {
5408 /* we have msg->col and msg->sov which both point to the first
5409 * byte of message body. msg->som still points to the beginning
5410 * of the message. We must save the body in req->lr because it
5411 * survives buffer re-alignments.
5412 */
5413 res->lr = res->data + msg->sov;
5414 if (txn->flags & TX_RES_TE_CHNK)
5415 msg->msg_state = HTTP_MSG_CHUNK_SIZE;
5416 else {
5417 msg->msg_state = HTTP_MSG_DATA;
5418 }
5419 }
5420
Willy Tarreaud98cf932009-12-27 22:54:55 +01005421 while (1) {
Willy Tarreau610ecce2010-01-04 21:15:02 +01005422 http_silent_debug(__LINE__, s);
Willy Tarreau638cd022010-01-03 07:42:04 +01005423 /* we may have some data pending */
Willy Tarreau124d9912011-03-01 20:30:48 +01005424 if (msg->chunk_len || msg->som != msg->sov) {
Willy Tarreau638cd022010-01-03 07:42:04 +01005425 int bytes = msg->sov - msg->som;
5426 if (bytes < 0) /* sov may have wrapped at the end */
5427 bytes += res->size;
Willy Tarreau124d9912011-03-01 20:30:48 +01005428 buffer_forward(res, bytes + msg->chunk_len);
5429 msg->chunk_len = 0; /* don't forward that again */
Willy Tarreau638cd022010-01-03 07:42:04 +01005430 msg->som = msg->sov;
5431 }
5432
Willy Tarreaucaabe412010-01-03 23:08:28 +01005433 if (msg->msg_state == HTTP_MSG_DATA) {
5434 /* must still forward */
5435 if (res->to_forward)
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005436 goto missing_data;
Willy Tarreaucaabe412010-01-03 23:08:28 +01005437
5438 /* nothing left to forward */
5439 if (txn->flags & TX_RES_TE_CHNK)
5440 msg->msg_state = HTTP_MSG_DATA_CRLF;
5441 else
5442 msg->msg_state = HTTP_MSG_DONE;
5443 }
5444 else if (msg->msg_state == HTTP_MSG_CHUNK_SIZE) {
Willy Tarreau124d9912011-03-01 20:30:48 +01005445 /* read the chunk size and assign it to ->chunk_len, then
Willy Tarreaud98cf932009-12-27 22:54:55 +01005446 * set ->sov to point to the body and switch to DATA or TRAILERS state.
5447 */
5448 int ret = http_parse_chunk_size(res, msg);
5449
5450 if (!ret)
5451 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005452 else if (ret < 0) {
5453 if (msg->err_pos >= 0)
5454 http_capture_bad_message(&s->be->invalid_rep, s, res, msg, HTTP_MSG_CHUNK_SIZE, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005455 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005456 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005457 /* otherwise we're in HTTP_MSG_DATA or HTTP_MSG_TRAILERS state */
Willy Tarreau57f5c122010-12-02 00:37:14 +01005458 /* Don't set a PUSH at the end of that chunk if it's not the last one */
5459 if (msg->msg_state == HTTP_MSG_DATA)
5460 res->flags |= BF_EXPECT_MORE;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005461 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005462 else if (msg->msg_state == HTTP_MSG_DATA_CRLF) {
5463 /* we want the CRLF after the data */
5464 int ret;
5465
Willy Tarreaud3347ee2010-01-04 02:02:25 +01005466 res->lr = res->w + res->send_max;
5467 if (res->lr >= res->data + res->size)
5468 res->lr -= res->size;
5469
Willy Tarreaud98cf932009-12-27 22:54:55 +01005470 ret = http_skip_chunk_crlf(res, msg);
5471
5472 if (!ret)
5473 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005474 else if (ret < 0) {
5475 if (msg->err_pos >= 0)
5476 http_capture_bad_message(&s->be->invalid_rep, s, res, msg, HTTP_MSG_DATA_CRLF, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005477 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005478 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005479 /* we're in MSG_CHUNK_SIZE now */
5480 }
5481 else if (msg->msg_state == HTTP_MSG_TRAILERS) {
5482 int ret = http_forward_trailers(res, msg);
Willy Tarreau5523b322009-12-29 12:05:52 +01005483
Willy Tarreaud98cf932009-12-27 22:54:55 +01005484 if (ret == 0)
5485 goto missing_data;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005486 else if (ret < 0) {
5487 if (msg->err_pos >= 0)
5488 http_capture_bad_message(&s->be->invalid_rep, s, res, msg, HTTP_MSG_TRAILERS, s->fe);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005489 goto return_bad_res;
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005490 }
Willy Tarreaud98cf932009-12-27 22:54:55 +01005491 /* we're in HTTP_MSG_DONE now */
5492 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005493 else {
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005494 int old_state = msg->msg_state;
5495
Willy Tarreau610ecce2010-01-04 21:15:02 +01005496 /* other states, DONE...TUNNEL */
Willy Tarreau4fe41902010-06-07 22:27:41 +02005497 /* for keep-alive we don't want to forward closes on DONE */
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005498 if ((txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5499 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
5500 buffer_dont_close(res);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005501 if (http_resync_states(s)) {
5502 http_silent_debug(__LINE__, s);
5503 /* some state changes occurred, maybe the analyser
5504 * was disabled too.
Willy Tarreau5523b322009-12-29 12:05:52 +01005505 */
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005506 if (unlikely(msg->msg_state == HTTP_MSG_ERROR)) {
5507 if (res->flags & BF_SHUTW) {
5508 /* response errors are most likely due to
5509 * the client aborting the transfer.
5510 */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005511 goto aborted_xfer;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005512 }
Willy Tarreaue1582eb2010-12-12 13:10:11 +01005513 if (msg->err_pos >= 0)
5514 http_capture_bad_message(&s->be->invalid_rep, s, res, msg, old_state, s->fe);
Willy Tarreau610ecce2010-01-04 21:15:02 +01005515 goto return_bad_res;
Willy Tarreau3fe693b2010-12-12 12:50:05 +01005516 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005517 return 1;
Willy Tarreau5523b322009-12-29 12:05:52 +01005518 }
Willy Tarreau610ecce2010-01-04 21:15:02 +01005519 return 0;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005520 }
5521 }
5522
Willy Tarreaud98cf932009-12-27 22:54:55 +01005523 missing_data:
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005524 /* stop waiting for data if the input is closed before the end */
Willy Tarreau40dba092010-03-04 18:14:51 +01005525 if (res->flags & BF_SHUTR) {
5526 if (!(s->flags & SN_ERR_MASK))
5527 s->flags |= SN_ERR_SRVCL;
Willy Tarreauae526782010-03-04 20:34:23 +01005528 s->be->counters.srv_aborts++;
5529 if (s->srv)
5530 s->srv->counters.srv_aborts++;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005531 goto return_bad_res_stats_ok;
Willy Tarreau40dba092010-03-04 18:14:51 +01005532 }
Willy Tarreauf5c8bd62010-01-04 07:10:34 +01005533
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005534 if (res->flags & BF_SHUTW)
5535 goto aborted_xfer;
5536
Willy Tarreau40dba092010-03-04 18:14:51 +01005537 /* we need to obey the req analyser, so if it leaves, we must too */
Willy Tarreau610ecce2010-01-04 21:15:02 +01005538 if (!s->req->analysers)
5539 goto return_bad_res;
5540
Willy Tarreaud98cf932009-12-27 22:54:55 +01005541 /* forward the chunk size as well as any pending data */
Willy Tarreau124d9912011-03-01 20:30:48 +01005542 if (msg->chunk_len || msg->som != msg->sov) {
Willy Tarreauacd20f82011-03-01 20:04:36 +01005543 int bytes = msg->sov - msg->som;
5544 if (bytes < 0) /* sov may have wrapped at the end */
5545 bytes += res->size;
Willy Tarreau124d9912011-03-01 20:30:48 +01005546 buffer_forward(res, msg->sov - msg->som + msg->chunk_len);
5547 msg->chunk_len = 0; /* don't forward that again */
Willy Tarreaud98cf932009-12-27 22:54:55 +01005548 msg->som = msg->sov;
5549 }
5550
Willy Tarreau92aa1fa2010-08-28 18:57:20 +02005551 /* When TE: chunked is used, we need to get there again to parse remaining
5552 * chunks even if the server has closed, so we don't want to set BF_DONTCLOSE.
5553 * Similarly, with keep-alive on the client side, we don't want to forward a
5554 * close.
5555 */
5556 if ((txn->flags & TX_RES_TE_CHNK) ||
5557 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_KAL ||
5558 (txn->flags & TX_CON_WANT_MSK) == TX_CON_WANT_SCL)
5559 buffer_dont_close(res);
5560
Willy Tarreaud98cf932009-12-27 22:54:55 +01005561 /* the session handler will take care of timeouts and errors */
Willy Tarreau610ecce2010-01-04 21:15:02 +01005562 http_silent_debug(__LINE__, s);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005563 return 0;
5564
Willy Tarreau40dba092010-03-04 18:14:51 +01005565 return_bad_res: /* let's centralize all bad responses */
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005566 s->be->counters.failed_resp++;
5567 if (s->srv)
5568 s->srv->counters.failed_resp++;
5569
5570 return_bad_res_stats_ok:
Willy Tarreaud98cf932009-12-27 22:54:55 +01005571 txn->rsp.msg_state = HTTP_MSG_ERROR;
Willy Tarreau148d0992010-01-10 10:21:21 +01005572 /* don't send any error message as we're in the body */
5573 stream_int_retnclose(res->cons, NULL);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005574 res->analysers = 0;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005575 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
5576 if (s->srv)
Willy Tarreaud98cf932009-12-27 22:54:55 +01005577 health_adjust(s->srv, HANA_STATUS_HTTP_HDRRSP);
Willy Tarreaud98cf932009-12-27 22:54:55 +01005578
5579 if (!(s->flags & SN_ERR_MASK))
5580 s->flags |= SN_ERR_PRXCOND;
5581 if (!(s->flags & SN_FINST_MASK))
Willy Tarreau40dba092010-03-04 18:14:51 +01005582 s->flags |= SN_FINST_D;
Willy Tarreaued2fd2d2010-12-29 11:23:27 +01005583 return 0;
5584
5585 aborted_xfer:
5586 txn->rsp.msg_state = HTTP_MSG_ERROR;
5587 /* don't send any error message as we're in the body */
5588 stream_int_retnclose(res->cons, NULL);
5589 res->analysers = 0;
5590 s->req->analysers = 0; /* we're in data phase, we want to abort both directions */
5591
5592 s->fe->counters.cli_aborts++;
5593 if (s->fe != s->be)
5594 s->be->counters.cli_aborts++;
5595 if (s->srv)
5596 s->srv->counters.cli_aborts++;
5597
5598 if (!(s->flags & SN_ERR_MASK))
5599 s->flags |= SN_ERR_CLICL;
5600 if (!(s->flags & SN_FINST_MASK))
5601 s->flags |= SN_FINST_D;
Willy Tarreaud98cf932009-12-27 22:54:55 +01005602 return 0;
5603}
5604
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005605/* Iterate the same filter through all request headers.
5606 * Returns 1 if this filter can be stopped upon return, otherwise 0.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005607 * Since it can manage the switch to another backend, it updates the per-proxy
5608 * DENY stats.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005609 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005610int apply_filter_to_req_headers(struct session *t, struct buffer *req, struct hdr_exp *exp)
Willy Tarreau58f10d72006-12-04 02:26:12 +01005611{
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005612 char term;
5613 char *cur_ptr, *cur_end, *cur_next;
5614 int cur_idx, old_idx, last_hdr;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005615 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005616 struct hdr_idx_elem *cur_hdr;
5617 int len, delta;
Willy Tarreau0f7562b2007-01-07 15:46:13 +01005618
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005619 last_hdr = 0;
5620
Willy Tarreau962c3f42010-01-10 00:15:35 +01005621 cur_next = txn->req.sol + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005622 old_idx = 0;
5623
5624 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01005625 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005626 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005627 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005628 (exp->action == ACT_ALLOW ||
5629 exp->action == ACT_DENY ||
5630 exp->action == ACT_TARPIT))
5631 return 0;
5632
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005633 cur_idx = txn->hdr_idx.v[old_idx].next;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005634 if (!cur_idx)
5635 break;
5636
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005637 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005638 cur_ptr = cur_next;
5639 cur_end = cur_ptr + cur_hdr->len;
5640 cur_next = cur_end + cur_hdr->cr + 1;
5641
5642 /* Now we have one header between cur_ptr and cur_end,
5643 * and the next header starts at cur_next.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005644 */
5645
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005646 /* The annoying part is that pattern matching needs
5647 * that we modify the contents to null-terminate all
5648 * strings before testing them.
5649 */
5650
5651 term = *cur_end;
5652 *cur_end = '\0';
5653
5654 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5655 switch (exp->action) {
5656 case ACT_SETBE:
5657 /* It is not possible to jump a second time.
5658 * FIXME: should we return an HTTP/500 here so that
5659 * the admin knows there's a problem ?
5660 */
5661 if (t->be != t->fe)
5662 break;
5663
5664 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02005665 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005666 last_hdr = 1;
5667 break;
5668
5669 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005670 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005671 last_hdr = 1;
5672 break;
5673
5674 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005675 txn->flags |= TX_CLDENY;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005676 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005677
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005678 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005679 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005680 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005681
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005682 break;
5683
5684 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01005685 txn->flags |= TX_CLTARPIT;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005686 last_hdr = 1;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005687
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005688 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005689 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005690 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005691
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005692 break;
5693
5694 case ACT_REPLACE:
5695 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
5696 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
5697 /* FIXME: if the user adds a newline in the replacement, the
5698 * index will not be recalculated for now, and the new line
5699 * will not be counted as a new header.
5700 */
5701
5702 cur_end += delta;
5703 cur_next += delta;
5704 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01005705 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005706 break;
5707
5708 case ACT_REMOVE:
5709 delta = buffer_replace2(req, cur_ptr, cur_next, NULL, 0);
5710 cur_next += delta;
5711
Willy Tarreaufa355d42009-11-29 18:12:29 +01005712 http_msg_move_end(&txn->req, delta);
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005713 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
5714 txn->hdr_idx.used--;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005715 cur_hdr->len = 0;
5716 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01005717 cur_idx = old_idx;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005718 break;
5719
5720 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005721 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005722 if (cur_end)
5723 *cur_end = term; /* restore the string terminator */
Willy Tarreau58f10d72006-12-04 02:26:12 +01005724
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005725 /* keep the link from this header to next one in case of later
5726 * removal of next header.
Willy Tarreau58f10d72006-12-04 02:26:12 +01005727 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005728 old_idx = cur_idx;
5729 }
5730 return 0;
5731}
5732
5733
5734/* Apply the filter to the request line.
5735 * Returns 0 if nothing has been done, 1 if the filter has been applied,
5736 * or -1 if a replacement resulted in an invalid request line.
Willy Tarreaua15645d2007-03-18 16:22:39 +01005737 * Since it can manage the switch to another backend, it updates the per-proxy
5738 * DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005739 */
5740int apply_filter_to_req_line(struct session *t, struct buffer *req, struct hdr_exp *exp)
5741{
5742 char term;
5743 char *cur_ptr, *cur_end;
5744 int done;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005745 struct http_txn *txn = &t->txn;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005746 int len, delta;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005747
Willy Tarreau58f10d72006-12-04 02:26:12 +01005748
Willy Tarreau3d300592007-03-18 18:34:41 +01005749 if (unlikely(txn->flags & (TX_CLDENY | TX_CLTARPIT)))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005750 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01005751 else if (unlikely(txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005752 (exp->action == ACT_ALLOW ||
5753 exp->action == ACT_DENY ||
5754 exp->action == ACT_TARPIT))
5755 return 0;
5756 else if (exp->action == ACT_REMOVE)
5757 return 0;
5758
5759 done = 0;
5760
Willy Tarreau962c3f42010-01-10 00:15:35 +01005761 cur_ptr = txn->req.sol;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005762 cur_end = cur_ptr + txn->req.sl.rq.l;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005763
5764 /* Now we have the request line between cur_ptr and cur_end */
5765
5766 /* The annoying part is that pattern matching needs
5767 * that we modify the contents to null-terminate all
5768 * strings before testing them.
5769 */
5770
5771 term = *cur_end;
5772 *cur_end = '\0';
5773
5774 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
5775 switch (exp->action) {
5776 case ACT_SETBE:
5777 /* It is not possible to jump a second time.
5778 * FIXME: should we return an HTTP/500 here so that
5779 * the admin knows there's a problem ?
Willy Tarreau58f10d72006-12-04 02:26:12 +01005780 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005781 if (t->be != t->fe)
5782 break;
5783
5784 /* Swithing Proxy */
Willy Tarreau1d0dfb12009-07-07 15:10:31 +02005785 session_set_backend(t, (struct proxy *)exp->replace);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005786 done = 1;
5787 break;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005788
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005789 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01005790 txn->flags |= TX_CLALLOW;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005791 done = 1;
5792 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01005793
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005794 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01005795 txn->flags |= TX_CLDENY;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005796
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005797 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005798 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005799 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005800
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005801 done = 1;
5802 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01005803
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005804 case ACT_TARPIT:
Willy Tarreau3d300592007-03-18 18:34:41 +01005805 txn->flags |= TX_CLTARPIT;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005806
Krzysztof Piotr Oledzki052d4fd2009-10-04 14:52:57 +02005807 t->be->counters.denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005808 if (t->listener->counters)
Willy Tarreaubb695392010-06-23 08:43:37 +02005809 t->listener->counters->denied_req++;
Krzysztof Piotr Oledzkiaeebf9b2009-10-04 15:43:17 +02005810
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005811 done = 1;
5812 break;
Willy Tarreaua496b602006-12-17 23:15:24 +01005813
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005814 case ACT_REPLACE:
5815 *cur_end = term; /* restore the string terminator */
5816 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
5817 delta = buffer_replace2(req, cur_ptr, cur_end, trash, len);
5818 /* FIXME: if the user adds a newline in the replacement, the
5819 * index will not be recalculated for now, and the new line
5820 * will not be counted as a new header.
5821 */
Willy Tarreaua496b602006-12-17 23:15:24 +01005822
Willy Tarreaufa355d42009-11-29 18:12:29 +01005823 http_msg_move_end(&txn->req, delta);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005824 cur_end += delta;
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005825 cur_end = (char *)http_parse_reqline(&txn->req, req->data,
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005826 HTTP_MSG_RQMETH,
5827 cur_ptr, cur_end + 1,
5828 NULL, NULL);
5829 if (unlikely(!cur_end))
5830 return -1;
Willy Tarreaua496b602006-12-17 23:15:24 +01005831
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005832 /* we have a full request and we know that we have either a CR
5833 * or an LF at <ptr>.
5834 */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01005835 txn->meth = find_http_meth(cur_ptr, txn->req.sl.rq.m_l);
5836 hdr_idx_set_start(&txn->hdr_idx, txn->req.sl.rq.l, *cur_end == '\r');
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005837 /* there is no point trying this regex on headers */
5838 return 1;
5839 }
5840 }
5841 *cur_end = term; /* restore the string terminator */
5842 return done;
5843}
Willy Tarreau97de6242006-12-27 17:18:38 +01005844
Willy Tarreau58f10d72006-12-04 02:26:12 +01005845
Willy Tarreau58f10d72006-12-04 02:26:12 +01005846
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005847/*
Willy Tarreau6c123b12010-01-28 20:22:06 +01005848 * Apply all the req filters of proxy <px> to all headers in buffer <req> of session <s>.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005849 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
Willy Tarreaua15645d2007-03-18 16:22:39 +01005850 * unparsable request. Since it can manage the switch to another backend, it
5851 * updates the per-proxy DENY stats.
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005852 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01005853int apply_filters_to_request(struct session *s, struct buffer *req, struct proxy *px)
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005854{
Willy Tarreau6c123b12010-01-28 20:22:06 +01005855 struct http_txn *txn = &s->txn;
5856 struct hdr_exp *exp;
5857
5858 for (exp = px->req_exp; exp; exp = exp->next) {
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005859 int ret;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005860
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005861 /*
5862 * The interleaving of transformations and verdicts
5863 * makes it difficult to decide to continue or stop
5864 * the evaluation.
5865 */
5866
Willy Tarreau6c123b12010-01-28 20:22:06 +01005867 if (txn->flags & (TX_CLDENY|TX_CLTARPIT))
5868 break;
5869
Willy Tarreau3d300592007-03-18 18:34:41 +01005870 if ((txn->flags & TX_CLALLOW) &&
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005871 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
Willy Tarreau6c123b12010-01-28 20:22:06 +01005872 exp->action == ACT_TARPIT || exp->action == ACT_PASS))
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005873 continue;
Willy Tarreau6c123b12010-01-28 20:22:06 +01005874
5875 /* if this filter had a condition, evaluate it now and skip to
5876 * next filter if the condition does not match.
5877 */
5878 if (exp->cond) {
5879 ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_REQ);
5880 ret = acl_pass(ret);
5881 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
5882 ret = !ret;
5883
5884 if (!ret)
5885 continue;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005886 }
5887
5888 /* Apply the filter to the request line. */
Willy Tarreau6c123b12010-01-28 20:22:06 +01005889 ret = apply_filter_to_req_line(s, req, exp);
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005890 if (unlikely(ret < 0))
5891 return -1;
5892
5893 if (likely(ret == 0)) {
5894 /* The filter did not match the request, it can be
5895 * iterated through all headers.
5896 */
Willy Tarreau6c123b12010-01-28 20:22:06 +01005897 apply_filter_to_req_headers(s, req, exp);
Willy Tarreau58f10d72006-12-04 02:26:12 +01005898 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01005899 }
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01005900 return 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01005901}
5902
5903
Willy Tarreaua15645d2007-03-18 16:22:39 +01005904
Willy Tarreau58f10d72006-12-04 02:26:12 +01005905/*
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005906 * Try to retrieve the server associated to the appsession.
5907 * If the server is found, it's assigned to the session.
5908 */
Cyril Bontéb21570a2009-11-29 20:04:48 +01005909void manage_client_side_appsession(struct session *t, const char *buf, int len) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005910 struct http_txn *txn = &t->txn;
5911 appsess *asession = NULL;
5912 char *sessid_temp = NULL;
5913
Cyril Bontéb21570a2009-11-29 20:04:48 +01005914 if (len > t->be->appsession_len) {
5915 len = t->be->appsession_len;
5916 }
5917
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005918 if (t->be->options2 & PR_O2_AS_REQL) {
5919 /* request-learn option is enabled : store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01005920 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005921 /* free previously allocated memory as we don't need the session id found in the URL anymore */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01005922 pool_free2(apools.sessid, txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005923 }
5924
Willy Tarreaua3377ee2010-01-10 10:49:11 +01005925 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005926 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
5927 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
5928 return;
5929 }
5930
Willy Tarreaua3377ee2010-01-10 10:49:11 +01005931 memcpy(txn->sessid, buf, len);
5932 txn->sessid[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005933 }
5934
5935 if ((sessid_temp = pool_alloc2(apools.sessid)) == NULL) {
5936 Alert("Not enough memory process_cli():asession->sessid:malloc().\n");
5937 send_log(t->be, LOG_ALERT, "Not enough memory process_cli():asession->sessid:malloc().\n");
5938 return;
5939 }
5940
Cyril Bontéb21570a2009-11-29 20:04:48 +01005941 memcpy(sessid_temp, buf, len);
5942 sessid_temp[len] = 0;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005943
5944 asession = appsession_hash_lookup(&(t->be->htbl_proxy), sessid_temp);
5945 /* free previously allocated memory */
5946 pool_free2(apools.sessid, sessid_temp);
5947
5948 if (asession != NULL) {
5949 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
5950 if (!(t->be->options2 & PR_O2_AS_REQL))
5951 asession->request_count++;
5952
5953 if (asession->serverid != NULL) {
5954 struct server *srv = t->be->srv;
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02005955
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005956 while (srv) {
5957 if (strcmp(srv->id, asession->serverid) == 0) {
Willy Tarreau4de91492010-01-22 19:10:05 +01005958 if ((srv->state & SRV_RUNNING) ||
5959 (t->be->options & PR_O_PERSIST) ||
5960 (t->flags & SN_FORCE_PRST)) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005961 /* we found the server and it's usable */
5962 txn->flags &= ~TX_CK_MASK;
Willy Tarreau2a6d88d2010-01-24 13:10:43 +01005963 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005964 t->flags |= SN_DIRECT | SN_ASSIGNED;
5965 t->srv = srv;
Willy Tarreau9e000c62011-03-10 14:03:36 +01005966 set_target_server(&t->target, srv);
Willy Tarreau664beb82011-03-10 11:38:29 +01005967
Cyril Bontébf47aeb2009-10-15 00:15:40 +02005968 break;
5969 } else {
5970 txn->flags &= ~TX_CK_MASK;
5971 txn->flags |= TX_CK_DOWN;
5972 }
5973 }
5974 srv = srv->next;
5975 }
5976 }
5977 }
5978}
5979
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02005980/* Find the end of a cookie value contained between <s> and <e>. It works the
5981 * same way as with headers above except that the semi-colon also ends a token.
5982 * See RFC2965 for more information. Note that it requires a valid header to
5983 * return a valid result.
5984 */
5985char *find_cookie_value_end(char *s, const char *e)
5986{
5987 int quoted, qdpair;
5988
5989 quoted = qdpair = 0;
5990 for (; s < e; s++) {
5991 if (qdpair) qdpair = 0;
5992 else if (quoted) {
5993 if (*s == '\\') qdpair = 1;
5994 else if (*s == '"') quoted = 0;
5995 }
5996 else if (*s == '"') quoted = 1;
5997 else if (*s == ',' || *s == ';') return s;
5998 }
5999 return s;
6000}
6001
6002/* Delete a value in a header between delimiters <from> and <next> in buffer
6003 * <buf>. The number of characters displaced is returned, and the pointer to
6004 * the first delimiter is updated if required. The function tries as much as
6005 * possible to respect the following principles :
6006 * - replace <from> delimiter by the <next> one unless <from> points to a
6007 * colon, in which case <next> is simply removed
6008 * - set exactly one space character after the new first delimiter, unless
6009 * there are not enough characters in the block being moved to do so.
6010 * - remove unneeded spaces before the previous delimiter and after the new
6011 * one.
6012 *
6013 * It is the caller's responsibility to ensure that :
6014 * - <from> points to a valid delimiter or the colon ;
6015 * - <next> points to a valid delimiter or the final CR/LF ;
6016 * - there are non-space chars before <from> ;
6017 * - there is a CR/LF at or after <next>.
6018 */
6019int del_hdr_value(struct buffer *buf, char **from, char *next)
6020{
6021 char *prev = *from;
6022
6023 if (*prev == ':') {
6024 /* We're removing the first value, preserve the colon and add a
6025 * space if possible.
6026 */
6027 if (!http_is_crlf[(unsigned char)*next])
6028 next++;
6029 prev++;
6030 if (prev < next)
6031 *prev++ = ' ';
6032
6033 while (http_is_spht[(unsigned char)*next])
6034 next++;
6035 } else {
6036 /* Remove useless spaces before the old delimiter. */
6037 while (http_is_spht[(unsigned char)*(prev-1)])
6038 prev--;
6039 *from = prev;
6040
6041 /* copy the delimiter and if possible a space if we're
6042 * not at the end of the line.
6043 */
6044 if (!http_is_crlf[(unsigned char)*next]) {
6045 *prev++ = *next++;
6046 if (prev + 1 < next)
6047 *prev++ = ' ';
6048 while (http_is_spht[(unsigned char)*next])
6049 next++;
6050 }
6051 }
6052 return buffer_replace2(buf, prev, next, NULL, 0);
6053}
6054
Cyril Bontébf47aeb2009-10-15 00:15:40 +02006055/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006056 * Manage client-side cookie. It can impact performance by about 2% so it is
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006057 * desirable to call it only when needed. This code is quite complex because
6058 * of the multiple very crappy and ambiguous syntaxes we have to support. it
6059 * highly recommended not to touch this part without a good reason !
Willy Tarreau58f10d72006-12-04 02:26:12 +01006060 */
6061void manage_client_side_cookies(struct session *t, struct buffer *req)
6062{
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006063 struct http_txn *txn = &t->txn;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006064 int preserve_hdr;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01006065 int cur_idx, old_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006066 char *hdr_beg, *hdr_end, *hdr_next, *del_from;
6067 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006068
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006069 /* Iterate through the headers, we start with the start line. */
Willy Tarreau83969f42007-01-22 08:55:47 +01006070 old_idx = 0;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006071 hdr_next = txn->req.sol + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006072
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006073 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006074 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006075 int val;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006076
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006077 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006078 hdr_beg = hdr_next;
6079 hdr_end = hdr_beg + cur_hdr->len;
6080 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006081
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006082 /* We have one full header between hdr_beg and hdr_end, and the
6083 * next header starts at hdr_next. We're only interested in
Willy Tarreau58f10d72006-12-04 02:26:12 +01006084 * "Cookie:" headers.
6085 */
6086
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006087 val = http_header_match2(hdr_beg, hdr_end, "Cookie", 6);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006088 if (!val) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006089 old_idx = cur_idx;
6090 continue;
6091 }
6092
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006093 del_from = NULL; /* nothing to be deleted */
6094 preserve_hdr = 0; /* assume we may kill the whole header */
6095
Willy Tarreau58f10d72006-12-04 02:26:12 +01006096 /* Now look for cookies. Conforming to RFC2109, we have to support
6097 * attributes whose name begin with a '$', and associate them with
6098 * the right cookie, if we want to delete this cookie.
6099 * So there are 3 cases for each cookie read :
6100 * 1) it's a special attribute, beginning with a '$' : ignore it.
6101 * 2) it's a server id cookie that we *MAY* want to delete : save
6102 * some pointers on it (last semi-colon, beginning of cookie...)
6103 * 3) it's an application cookie : we *MAY* have to delete a previous
6104 * "special" cookie.
6105 * At the end of loop, if a "special" cookie remains, we may have to
6106 * remove it. If no application cookie persists in the header, we
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006107 * *MUST* delete it.
6108 *
6109 * Note: RFC2965 is unclear about the processing of spaces around
6110 * the equal sign in the ATTR=VALUE form. A careful inspection of
6111 * the RFC explicitly allows spaces before it, and not within the
6112 * tokens (attrs or values). An inspection of RFC2109 allows that
6113 * too but section 10.1.3 lets one think that spaces may be allowed
6114 * after the equal sign too, resulting in some (rare) buggy
6115 * implementations trying to do that. So let's do what servers do.
6116 * Latest ietf draft forbids spaces all around. Also, earlier RFCs
6117 * allowed quoted strings in values, with any possible character
6118 * after a backslash, including control chars and delimitors, which
6119 * causes parsing to become ambiguous. Browsers also allow spaces
6120 * within values even without quotes.
6121 *
6122 * We have to keep multiple pointers in order to support cookie
6123 * removal at the beginning, middle or end of header without
6124 * corrupting the header. All of these headers are valid :
6125 *
6126 * Cookie:NAME1=VALUE1;NAME2=VALUE2;NAME3=VALUE3\r\n
6127 * Cookie:NAME1=VALUE1;NAME2_ONLY ;NAME3=VALUE3\r\n
6128 * Cookie: NAME1 = VALUE 1 ; NAME2 = VALUE2 ; NAME3 = VALUE3\r\n
6129 * | | | | | | | | |
6130 * | | | | | | | | hdr_end <--+
6131 * | | | | | | | +--> next
6132 * | | | | | | +----> val_end
6133 * | | | | | +-----------> val_beg
6134 * | | | | +--------------> equal
6135 * | | | +----------------> att_end
6136 * | | +---------------------> att_beg
6137 * | +--------------------------> prev
6138 * +--------------------------------> hdr_beg
Willy Tarreau58f10d72006-12-04 02:26:12 +01006139 */
6140
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006141 for (prev = hdr_beg + 6; prev < hdr_end; prev = next) {
6142 /* Iterate through all cookies on this line */
6143
6144 /* find att_beg */
6145 att_beg = prev + 1;
6146 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6147 att_beg++;
6148
6149 /* find att_end : this is the first character after the last non
6150 * space before the equal. It may be equal to hdr_end.
6151 */
6152 equal = att_end = att_beg;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006153
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006154 while (equal < hdr_end) {
6155 if (*equal == '=' || *equal == ',' || *equal == ';')
Willy Tarreau58f10d72006-12-04 02:26:12 +01006156 break;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006157 if (http_is_spht[(unsigned char)*equal++])
6158 continue;
6159 att_end = equal;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006160 }
6161
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006162 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6163 * is between <att_beg> and <equal>, both may be identical.
6164 */
6165
6166 /* look for end of cookie if there is an equal sign */
6167 if (equal < hdr_end && *equal == '=') {
6168 /* look for the beginning of the value */
6169 val_beg = equal + 1;
6170 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6171 val_beg++;
6172
6173 /* find the end of the value, respecting quotes */
6174 next = find_cookie_value_end(val_beg, hdr_end);
6175
6176 /* make val_end point to the first white space or delimitor after the value */
6177 val_end = next;
6178 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
6179 val_end--;
6180 } else {
6181 val_beg = val_end = next = equal;
Willy Tarreau305ae852010-01-03 19:45:54 +01006182 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006183
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006184 /* We have nothing to do with attributes beginning with '$'. However,
6185 * they will automatically be removed if a header before them is removed,
6186 * since they're supposed to be linked together.
6187 */
6188 if (*att_beg == '$')
6189 continue;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006190
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006191 /* Ignore cookies with no equal sign */
6192 if (equal == next) {
6193 /* This is not our cookie, so we must preserve it. But if we already
6194 * scheduled another cookie for removal, we cannot remove the
6195 * complete header, but we can remove the previous block itself.
6196 */
6197 preserve_hdr = 1;
6198 if (del_from != NULL) {
6199 int delta = del_hdr_value(req, &del_from, prev);
6200 val_end += delta;
6201 next += delta;
6202 hdr_end += delta;
6203 hdr_next += delta;
6204 cur_hdr->len += delta;
6205 http_msg_move_end(&txn->req, delta);
6206 prev = del_from;
6207 del_from = NULL;
6208 }
6209 continue;
Willy Tarreau305ae852010-01-03 19:45:54 +01006210 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006211
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006212 /* if there are spaces around the equal sign, we need to
6213 * strip them otherwise we'll get trouble for cookie captures,
6214 * or even for rewrites. Since this happens extremely rarely,
6215 * it does not hurt performance.
Willy Tarreau58f10d72006-12-04 02:26:12 +01006216 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006217 if (unlikely(att_end != equal || val_beg > equal + 1)) {
6218 int stripped_before = 0;
6219 int stripped_after = 0;
6220
6221 if (att_end != equal) {
6222 stripped_before = buffer_replace2(req, att_end, equal, NULL, 0);
6223 equal += stripped_before;
6224 val_beg += stripped_before;
6225 }
6226
6227 if (val_beg > equal + 1) {
6228 stripped_after = buffer_replace2(req, equal + 1, val_beg, NULL, 0);
6229 val_beg += stripped_after;
6230 stripped_before += stripped_after;
6231 }
6232
6233 val_end += stripped_before;
6234 next += stripped_before;
6235 hdr_end += stripped_before;
6236 hdr_next += stripped_before;
6237 cur_hdr->len += stripped_before;
6238 http_msg_move_end(&txn->req, stripped_before);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006239 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006240 /* now everything is as on the diagram above */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006241
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006242 /* First, let's see if we want to capture this cookie. We check
6243 * that we don't already have a client side cookie, because we
6244 * can only capture one. Also as an optimisation, we ignore
6245 * cookies shorter than the declared name.
6246 */
6247 if (t->fe->capture_name != NULL && txn->cli_cookie == NULL &&
6248 (val_end - att_beg >= t->fe->capture_namelen) &&
6249 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
6250 int log_len = val_end - att_beg;
6251
6252 if ((txn->cli_cookie = pool_alloc2(pool2_capture)) == NULL) {
6253 Alert("HTTP logging : out of memory.\n");
6254 } else {
6255 if (log_len > t->fe->capture_len)
6256 log_len = t->fe->capture_len;
6257 memcpy(txn->cli_cookie, att_beg, log_len);
6258 txn->cli_cookie[log_len] = 0;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006259 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006260 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006261
Willy Tarreaubca99692010-10-06 19:25:55 +02006262 /* Persistence cookies in passive, rewrite or insert mode have the
6263 * following form :
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006264 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006265 * Cookie: NAME=SRV[|<lastseen>[|<firstseen>]]
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006266 *
Willy Tarreaubca99692010-10-06 19:25:55 +02006267 * For cookies in prefix mode, the form is :
6268 *
6269 * Cookie: NAME=SRV~VALUE
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006270 */
6271 if ((att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
6272 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
6273 struct server *srv = t->be->srv;
6274 char *delim;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006275
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006276 /* if we're in cookie prefix mode, we'll search the delimitor so that we
6277 * have the server ID between val_beg and delim, and the original cookie between
6278 * delim+1 and val_end. Otherwise, delim==val_end :
6279 *
6280 * Cookie: NAME=SRV; # in all but prefix modes
6281 * Cookie: NAME=SRV~OPAQUE ; # in prefix mode
6282 * | || || | |+-> next
6283 * | || || | +--> val_end
6284 * | || || +---------> delim
6285 * | || |+------------> val_beg
6286 * | || +-------------> att_end = equal
6287 * | |+-----------------> att_beg
6288 * | +------------------> prev
6289 * +-------------------------> hdr_beg
6290 */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006291
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006292 if (t->be->options & PR_O_COOK_PFX) {
6293 for (delim = val_beg; delim < val_end; delim++)
6294 if (*delim == COOKIE_DELIM)
6295 break;
Willy Tarreaubca99692010-10-06 19:25:55 +02006296 } else {
6297 char *vbar1;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006298 delim = val_end;
Willy Tarreaubca99692010-10-06 19:25:55 +02006299 /* Now check if the cookie contains a date field, which would
6300 * appear after a vertical bar ('|') just after the server name
6301 * and before the delimiter.
6302 */
6303 vbar1 = memchr(val_beg, COOKIE_DELIM_DATE, val_end - val_beg);
6304 if (vbar1) {
6305 /* OK, so left of the bar is the server's cookie and
Willy Tarreauf64d1412010-10-07 20:06:11 +02006306 * right is the last seen date. It is a base64 encoded
6307 * 30-bit value representing the UNIX date since the
6308 * epoch in 4-second quantities.
Willy Tarreaubca99692010-10-06 19:25:55 +02006309 */
Willy Tarreauf64d1412010-10-07 20:06:11 +02006310 int val;
Willy Tarreaubca99692010-10-06 19:25:55 +02006311 delim = vbar1++;
Willy Tarreauf64d1412010-10-07 20:06:11 +02006312 if (val_end - vbar1 >= 5) {
6313 val = b64tos30(vbar1);
6314 if (val > 0)
6315 txn->cookie_last_date = val << 2;
6316 }
6317 /* look for a second vertical bar */
6318 vbar1 = memchr(vbar1, COOKIE_DELIM_DATE, val_end - vbar1);
6319 if (vbar1 && (val_end - vbar1 > 5)) {
6320 val = b64tos30(vbar1 + 1);
6321 if (val > 0)
6322 txn->cookie_first_date = val << 2;
6323 }
Willy Tarreaubca99692010-10-06 19:25:55 +02006324 }
6325 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006326
Willy Tarreauf64d1412010-10-07 20:06:11 +02006327 /* if the cookie has an expiration date and the proxy wants to check
6328 * it, then we do that now. We first check if the cookie is too old,
6329 * then only if it has expired. We detect strict overflow because the
6330 * time resolution here is not great (4 seconds). Cookies with dates
6331 * in the future are ignored if their offset is beyond one day. This
6332 * allows an admin to fix timezone issues without expiring everyone
6333 * and at the same time avoids keeping unwanted side effects for too
6334 * long.
6335 */
6336 if (txn->cookie_first_date && t->be->cookie_maxlife &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006337 (((signed)(date.tv_sec - txn->cookie_first_date) > (signed)t->be->cookie_maxlife) ||
6338 ((signed)(txn->cookie_first_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006339 txn->flags &= ~TX_CK_MASK;
6340 txn->flags |= TX_CK_OLD;
6341 delim = val_beg; // let's pretend we have not found the cookie
6342 txn->cookie_first_date = 0;
6343 txn->cookie_last_date = 0;
6344 }
6345 else if (txn->cookie_last_date && t->be->cookie_maxidle &&
Willy Tarreauef4f3912010-10-07 21:00:29 +02006346 (((signed)(date.tv_sec - txn->cookie_last_date) > (signed)t->be->cookie_maxidle) ||
6347 ((signed)(txn->cookie_last_date - date.tv_sec) > 86400))) {
Willy Tarreauf64d1412010-10-07 20:06:11 +02006348 txn->flags &= ~TX_CK_MASK;
6349 txn->flags |= TX_CK_EXPIRED;
6350 delim = val_beg; // let's pretend we have not found the cookie
6351 txn->cookie_first_date = 0;
6352 txn->cookie_last_date = 0;
6353 }
6354
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006355 /* Here, we'll look for the first running server which supports the cookie.
6356 * This allows to share a same cookie between several servers, for example
6357 * to dedicate backup servers to specific servers only.
6358 * However, to prevent clients from sticking to cookie-less backup server
6359 * when they have incidentely learned an empty cookie, we simply ignore
6360 * empty cookies and mark them as invalid.
6361 * The same behaviour is applied when persistence must be ignored.
6362 */
6363 if ((delim == val_beg) || (t->flags & SN_IGNORE_PRST))
6364 srv = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006365
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006366 while (srv) {
6367 if (srv->cookie && (srv->cklen == delim - val_beg) &&
6368 !memcmp(val_beg, srv->cookie, delim - val_beg)) {
6369 if ((srv->state & SRV_RUNNING) ||
6370 (t->be->options & PR_O_PERSIST) ||
6371 (t->flags & SN_FORCE_PRST)) {
6372 /* we found the server and we can use it */
6373 txn->flags &= ~TX_CK_MASK;
6374 txn->flags |= (srv->state & SRV_RUNNING) ? TX_CK_VALID : TX_CK_DOWN;
6375 t->flags |= SN_DIRECT | SN_ASSIGNED;
6376 t->srv = srv;
Willy Tarreau9e000c62011-03-10 14:03:36 +01006377 set_target_server(&t->target, srv);
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006378 break;
6379 } else {
6380 /* we found a server, but it's down,
6381 * mark it as such and go on in case
6382 * another one is available.
6383 */
6384 txn->flags &= ~TX_CK_MASK;
6385 txn->flags |= TX_CK_DOWN;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006386 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006387 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006388 srv = srv->next;
6389 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006390
Willy Tarreauf64d1412010-10-07 20:06:11 +02006391 if (!srv && !(txn->flags & (TX_CK_DOWN|TX_CK_EXPIRED|TX_CK_OLD))) {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006392 /* no server matched this cookie */
6393 txn->flags &= ~TX_CK_MASK;
6394 txn->flags |= TX_CK_INVALID;
6395 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006396
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006397 /* depending on the cookie mode, we may have to either :
6398 * - delete the complete cookie if we're in insert+indirect mode, so that
6399 * the server never sees it ;
6400 * - remove the server id from the cookie value, and tag the cookie as an
6401 * application cookie so that it does not get accidentely removed later,
6402 * if we're in cookie prefix mode
6403 */
6404 if ((t->be->options & PR_O_COOK_PFX) && (delim != val_end)) {
6405 int delta; /* negative */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006406
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006407 delta = buffer_replace2(req, val_beg, delim + 1, NULL, 0);
6408 val_end += delta;
6409 next += delta;
6410 hdr_end += delta;
6411 hdr_next += delta;
6412 cur_hdr->len += delta;
6413 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006414
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006415 del_from = NULL;
6416 preserve_hdr = 1; /* we want to keep this cookie */
6417 }
6418 else if (del_from == NULL &&
6419 (t->be->options & (PR_O_COOK_INS | PR_O_COOK_IND)) == (PR_O_COOK_INS | PR_O_COOK_IND)) {
6420 del_from = prev;
6421 }
6422 } else {
6423 /* This is not our cookie, so we must preserve it. But if we already
6424 * scheduled another cookie for removal, we cannot remove the
6425 * complete header, but we can remove the previous block itself.
6426 */
6427 preserve_hdr = 1;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006428
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006429 if (del_from != NULL) {
6430 int delta = del_hdr_value(req, &del_from, prev);
Willy Tarreaub8105542010-11-24 18:31:28 +01006431 if (att_beg >= del_from)
6432 att_beg += delta;
6433 if (att_end >= del_from)
6434 att_end += delta;
6435 val_beg += delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006436 val_end += delta;
6437 next += delta;
6438 hdr_end += delta;
6439 hdr_next += delta;
6440 cur_hdr->len += delta;
6441 http_msg_move_end(&txn->req, delta);
6442 prev = del_from;
6443 del_from = NULL;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006444 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006445 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006446
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006447 /* Look for the appsession cookie unless persistence must be ignored */
6448 if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
6449 int cmp_len, value_len;
6450 char *value_begin;
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02006451
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006452 if (t->be->options2 & PR_O2_AS_PFX) {
6453 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
6454 value_begin = att_beg + t->be->appsession_name_len;
6455 value_len = val_end - att_beg - t->be->appsession_name_len;
6456 } else {
6457 cmp_len = att_end - att_beg;
6458 value_begin = val_beg;
6459 value_len = val_end - val_beg;
6460 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01006461
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006462 /* let's see if the cookie is our appcookie */
6463 if (cmp_len == t->be->appsession_name_len &&
6464 memcmp(att_beg, t->be->appsession_name, cmp_len) == 0) {
6465 manage_client_side_appsession(t, value_begin, value_len);
6466 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006467 }
6468
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006469 /* continue with next cookie on this header line */
6470 att_beg = next;
6471 } /* for each cookie */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006472
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006473 /* There are no more cookies on this line.
6474 * We may still have one (or several) marked for deletion at the
6475 * end of the line. We must do this now in two ways :
6476 * - if some cookies must be preserved, we only delete from the
6477 * mark to the end of line ;
6478 * - if nothing needs to be preserved, simply delete the whole header
Willy Tarreau58f10d72006-12-04 02:26:12 +01006479 */
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006480 if (del_from) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01006481 int delta;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006482 if (preserve_hdr) {
6483 delta = del_hdr_value(req, &del_from, hdr_end);
6484 hdr_end = del_from;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006485 cur_hdr->len += delta;
6486 } else {
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006487 delta = buffer_replace2(req, hdr_beg, hdr_next, NULL, 0);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006488
6489 /* FIXME: this should be a separate function */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01006490 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6491 txn->hdr_idx.used--;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006492 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01006493 cur_idx = old_idx;
Willy Tarreau58f10d72006-12-04 02:26:12 +01006494 }
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006495 hdr_next += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006496 http_msg_move_end(&txn->req, delta);
Willy Tarreau58f10d72006-12-04 02:26:12 +01006497 }
6498
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006499 /* check next header */
Willy Tarreau58f10d72006-12-04 02:26:12 +01006500 old_idx = cur_idx;
Willy Tarreaueb7b0a22010-08-31 16:45:02 +02006501 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01006502}
6503
6504
Willy Tarreaua15645d2007-03-18 16:22:39 +01006505/* Iterate the same filter through all response headers contained in <rtr>.
6506 * Returns 1 if this filter can be stopped upon return, otherwise 0.
6507 */
6508int apply_filter_to_resp_headers(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
6509{
6510 char term;
6511 char *cur_ptr, *cur_end, *cur_next;
6512 int cur_idx, old_idx, last_hdr;
6513 struct http_txn *txn = &t->txn;
6514 struct hdr_idx_elem *cur_hdr;
6515 int len, delta;
6516
6517 last_hdr = 0;
6518
Willy Tarreau962c3f42010-01-10 00:15:35 +01006519 cur_next = txn->rsp.sol + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006520 old_idx = 0;
6521
6522 while (!last_hdr) {
Willy Tarreau3d300592007-03-18 18:34:41 +01006523 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01006524 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006525 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006526 (exp->action == ACT_ALLOW ||
6527 exp->action == ACT_DENY))
6528 return 0;
6529
6530 cur_idx = txn->hdr_idx.v[old_idx].next;
6531 if (!cur_idx)
6532 break;
6533
6534 cur_hdr = &txn->hdr_idx.v[cur_idx];
6535 cur_ptr = cur_next;
6536 cur_end = cur_ptr + cur_hdr->len;
6537 cur_next = cur_end + cur_hdr->cr + 1;
6538
6539 /* Now we have one header between cur_ptr and cur_end,
6540 * and the next header starts at cur_next.
6541 */
6542
6543 /* The annoying part is that pattern matching needs
6544 * that we modify the contents to null-terminate all
6545 * strings before testing them.
6546 */
6547
6548 term = *cur_end;
6549 *cur_end = '\0';
6550
6551 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6552 switch (exp->action) {
6553 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006554 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006555 last_hdr = 1;
6556 break;
6557
6558 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006559 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006560 last_hdr = 1;
6561 break;
6562
6563 case ACT_REPLACE:
6564 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
6565 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
6566 /* FIXME: if the user adds a newline in the replacement, the
6567 * index will not be recalculated for now, and the new line
6568 * will not be counted as a new header.
6569 */
6570
6571 cur_end += delta;
6572 cur_next += delta;
6573 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01006574 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006575 break;
6576
6577 case ACT_REMOVE:
6578 delta = buffer_replace2(rtr, cur_ptr, cur_next, NULL, 0);
6579 cur_next += delta;
6580
Willy Tarreaufa355d42009-11-29 18:12:29 +01006581 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006582 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6583 txn->hdr_idx.used--;
6584 cur_hdr->len = 0;
6585 cur_end = NULL; /* null-term has been rewritten */
Willy Tarreau26db59e2010-11-28 06:57:24 +01006586 cur_idx = old_idx;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006587 break;
6588
6589 }
6590 }
6591 if (cur_end)
6592 *cur_end = term; /* restore the string terminator */
6593
6594 /* keep the link from this header to next one in case of later
6595 * removal of next header.
6596 */
6597 old_idx = cur_idx;
6598 }
6599 return 0;
6600}
6601
6602
6603/* Apply the filter to the status line in the response buffer <rtr>.
6604 * Returns 0 if nothing has been done, 1 if the filter has been applied,
6605 * or -1 if a replacement resulted in an invalid status line.
6606 */
6607int apply_filter_to_sts_line(struct session *t, struct buffer *rtr, struct hdr_exp *exp)
6608{
6609 char term;
6610 char *cur_ptr, *cur_end;
6611 int done;
6612 struct http_txn *txn = &t->txn;
6613 int len, delta;
6614
6615
Willy Tarreau3d300592007-03-18 18:34:41 +01006616 if (unlikely(txn->flags & TX_SVDENY))
Willy Tarreaua15645d2007-03-18 16:22:39 +01006617 return 1;
Willy Tarreau3d300592007-03-18 18:34:41 +01006618 else if (unlikely(txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006619 (exp->action == ACT_ALLOW ||
6620 exp->action == ACT_DENY))
6621 return 0;
6622 else if (exp->action == ACT_REMOVE)
6623 return 0;
6624
6625 done = 0;
6626
Willy Tarreau962c3f42010-01-10 00:15:35 +01006627 cur_ptr = txn->rsp.sol;
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02006628 cur_end = cur_ptr + txn->rsp.sl.st.l;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006629
6630 /* Now we have the status line between cur_ptr and cur_end */
6631
6632 /* The annoying part is that pattern matching needs
6633 * that we modify the contents to null-terminate all
6634 * strings before testing them.
6635 */
6636
6637 term = *cur_end;
6638 *cur_end = '\0';
6639
6640 if (regexec(exp->preg, cur_ptr, MAX_MATCH, pmatch, 0) == 0) {
6641 switch (exp->action) {
6642 case ACT_ALLOW:
Willy Tarreau3d300592007-03-18 18:34:41 +01006643 txn->flags |= TX_SVALLOW;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006644 done = 1;
6645 break;
6646
6647 case ACT_DENY:
Willy Tarreau3d300592007-03-18 18:34:41 +01006648 txn->flags |= TX_SVDENY;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006649 done = 1;
6650 break;
6651
6652 case ACT_REPLACE:
6653 *cur_end = term; /* restore the string terminator */
6654 len = exp_replace(trash, cur_ptr, exp->replace, pmatch);
6655 delta = buffer_replace2(rtr, cur_ptr, cur_end, trash, len);
6656 /* FIXME: if the user adds a newline in the replacement, the
6657 * index will not be recalculated for now, and the new line
6658 * will not be counted as a new header.
6659 */
6660
Willy Tarreaufa355d42009-11-29 18:12:29 +01006661 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006662 cur_end += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006663 cur_end = (char *)http_parse_stsline(&txn->rsp, rtr->data,
Willy Tarreau02785762007-04-03 14:45:44 +02006664 HTTP_MSG_RPVER,
Willy Tarreaua15645d2007-03-18 16:22:39 +01006665 cur_ptr, cur_end + 1,
6666 NULL, NULL);
6667 if (unlikely(!cur_end))
6668 return -1;
6669
6670 /* we have a full respnse and we know that we have either a CR
6671 * or an LF at <ptr>.
6672 */
Willy Tarreau962c3f42010-01-10 00:15:35 +01006673 txn->status = strl2ui(txn->rsp.sol + txn->rsp.sl.st.c, txn->rsp.sl.st.c_l);
Willy Tarreau1ba0e5f2010-06-07 13:57:32 +02006674 hdr_idx_set_start(&txn->hdr_idx, txn->rsp.sl.st.l, *cur_end == '\r');
Willy Tarreaua15645d2007-03-18 16:22:39 +01006675 /* there is no point trying this regex on headers */
6676 return 1;
6677 }
6678 }
6679 *cur_end = term; /* restore the string terminator */
6680 return done;
6681}
6682
6683
6684
6685/*
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006686 * Apply all the resp filters of proxy <px> to all headers in buffer <rtr> of session <s>.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006687 * Returns 0 if everything is alright, or -1 in case a replacement lead to an
6688 * unparsable response.
6689 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006690int apply_filters_to_response(struct session *s, struct buffer *rtr, struct proxy *px)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006691{
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006692 struct http_txn *txn = &s->txn;
6693 struct hdr_exp *exp;
6694
6695 for (exp = px->rsp_exp; exp; exp = exp->next) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01006696 int ret;
6697
6698 /*
6699 * The interleaving of transformations and verdicts
6700 * makes it difficult to decide to continue or stop
6701 * the evaluation.
6702 */
6703
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006704 if (txn->flags & TX_SVDENY)
6705 break;
6706
Willy Tarreau3d300592007-03-18 18:34:41 +01006707 if ((txn->flags & TX_SVALLOW) &&
Willy Tarreaua15645d2007-03-18 16:22:39 +01006708 (exp->action == ACT_ALLOW || exp->action == ACT_DENY ||
6709 exp->action == ACT_PASS)) {
6710 exp = exp->next;
6711 continue;
6712 }
6713
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006714 /* if this filter had a condition, evaluate it now and skip to
6715 * next filter if the condition does not match.
6716 */
6717 if (exp->cond) {
6718 ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_RTR);
6719 ret = acl_pass(ret);
6720 if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
6721 ret = !ret;
6722 if (!ret)
6723 continue;
6724 }
6725
Willy Tarreaua15645d2007-03-18 16:22:39 +01006726 /* Apply the filter to the status line. */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006727 ret = apply_filter_to_sts_line(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006728 if (unlikely(ret < 0))
6729 return -1;
6730
6731 if (likely(ret == 0)) {
6732 /* The filter did not match the response, it can be
6733 * iterated through all headers.
6734 */
Willy Tarreaufdb563c2010-01-31 15:43:27 +01006735 apply_filter_to_resp_headers(s, rtr, exp);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006736 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006737 }
6738 return 0;
6739}
6740
6741
Willy Tarreaua15645d2007-03-18 16:22:39 +01006742/*
Willy Tarreau396d2c62007-11-04 19:30:00 +01006743 * Manage server-side cookies. It can impact performance by about 2% so it is
Willy Tarreau24581ba2010-08-31 22:39:35 +02006744 * desirable to call it only when needed. This function is also used when we
6745 * just need to know if there is a cookie (eg: for check-cache).
Willy Tarreaua15645d2007-03-18 16:22:39 +01006746 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02006747void manage_server_side_cookies(struct session *t, struct buffer *res)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006748{
6749 struct http_txn *txn = &t->txn;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006750 int is_cookie2;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006751 int cur_idx, old_idx, delta;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006752 char *hdr_beg, *hdr_end, *hdr_next;
6753 char *prev, *att_beg, *att_end, *equal, *val_beg, *val_end, *next;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006754
Willy Tarreaua15645d2007-03-18 16:22:39 +01006755 /* Iterate through the headers.
6756 * we start with the start line.
6757 */
6758 old_idx = 0;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006759 hdr_next = txn->rsp.sol + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01006760
6761 while ((cur_idx = txn->hdr_idx.v[old_idx].next)) {
6762 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006763 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006764
6765 cur_hdr = &txn->hdr_idx.v[cur_idx];
Willy Tarreau24581ba2010-08-31 22:39:35 +02006766 hdr_beg = hdr_next;
6767 hdr_end = hdr_beg + cur_hdr->len;
6768 hdr_next = hdr_end + cur_hdr->cr + 1;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006769
Willy Tarreau24581ba2010-08-31 22:39:35 +02006770 /* We have one full header between hdr_beg and hdr_end, and the
6771 * next header starts at hdr_next. We're only interested in
6772 * "Set-Cookie" and "Set-Cookie2" headers.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006773 */
6774
Willy Tarreau24581ba2010-08-31 22:39:35 +02006775 is_cookie2 = 0;
6776 prev = hdr_beg + 10;
6777 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie", 10);
Willy Tarreauaa9dce32007-03-18 23:50:16 +01006778 if (!val) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02006779 val = http_header_match2(hdr_beg, hdr_end, "Set-Cookie2", 11);
6780 if (!val) {
6781 old_idx = cur_idx;
6782 continue;
6783 }
6784 is_cookie2 = 1;
6785 prev = hdr_beg + 11;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006786 }
6787
Willy Tarreau24581ba2010-08-31 22:39:35 +02006788 /* OK, right now we know we have a Set-Cookie* at hdr_beg, and
6789 * <prev> points to the colon.
6790 */
Willy Tarreauf1348312010-10-07 15:54:11 +02006791 txn->flags |= TX_SCK_PRESENT;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006792
Willy Tarreau24581ba2010-08-31 22:39:35 +02006793 /* Maybe we only wanted to see if there was a Set-Cookie (eg:
6794 * check-cache is enabled) and we are not interested in checking
6795 * them. Warning, the cookie capture is declared in the frontend.
Willy Tarreaufd39dda2008-10-17 12:01:58 +02006796 */
Willy Tarreaue2e27a52007-04-01 00:01:37 +02006797 if (t->be->cookie_name == NULL &&
6798 t->be->appsession_name == NULL &&
Willy Tarreaufd39dda2008-10-17 12:01:58 +02006799 t->fe->capture_name == NULL)
Willy Tarreaua15645d2007-03-18 16:22:39 +01006800 return;
6801
Willy Tarreau24581ba2010-08-31 22:39:35 +02006802 /* OK so now we know we have to process this response cookie.
6803 * The format of the Set-Cookie header is slightly different
6804 * from the format of the Cookie header in that it does not
6805 * support the comma as a cookie delimiter (thus the header
6806 * cannot be folded) because the Expires attribute described in
6807 * the original Netscape's spec may contain an unquoted date
6808 * with a comma inside. We have to live with this because
6809 * many browsers don't support Max-Age and some browsers don't
6810 * support quoted strings. However the Set-Cookie2 header is
6811 * clean.
6812 *
6813 * We have to keep multiple pointers in order to support cookie
6814 * removal at the beginning, middle or end of header without
6815 * corrupting the header (in case of set-cookie2). A special
6816 * pointer, <scav> points to the beginning of the set-cookie-av
6817 * fields after the first semi-colon. The <next> pointer points
6818 * either to the end of line (set-cookie) or next unquoted comma
6819 * (set-cookie2). All of these headers are valid :
6820 *
6821 * Set-Cookie: NAME1 = VALUE 1 ; Secure; Path="/"\r\n
6822 * Set-Cookie:NAME=VALUE; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
6823 * Set-Cookie: NAME = VALUE ; Secure; Expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n
6824 * Set-Cookie2: NAME1 = VALUE 1 ; Max-Age=0, NAME2=VALUE2; Discard\r\n
6825 * | | | | | | | | | |
6826 * | | | | | | | | +-> next hdr_end <--+
6827 * | | | | | | | +------------> scav
6828 * | | | | | | +--------------> val_end
6829 * | | | | | +--------------------> val_beg
6830 * | | | | +----------------------> equal
6831 * | | | +------------------------> att_end
6832 * | | +----------------------------> att_beg
6833 * | +------------------------------> prev
6834 * +-----------------------------------------> hdr_beg
6835 */
Willy Tarreaua15645d2007-03-18 16:22:39 +01006836
Willy Tarreau24581ba2010-08-31 22:39:35 +02006837 for (; prev < hdr_end; prev = next) {
6838 /* Iterate through all cookies on this line */
Willy Tarreaua15645d2007-03-18 16:22:39 +01006839
Willy Tarreau24581ba2010-08-31 22:39:35 +02006840 /* find att_beg */
6841 att_beg = prev + 1;
6842 while (att_beg < hdr_end && http_is_spht[(unsigned char)*att_beg])
6843 att_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006844
Willy Tarreau24581ba2010-08-31 22:39:35 +02006845 /* find att_end : this is the first character after the last non
6846 * space before the equal. It may be equal to hdr_end.
6847 */
6848 equal = att_end = att_beg;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006849
Willy Tarreau24581ba2010-08-31 22:39:35 +02006850 while (equal < hdr_end) {
6851 if (*equal == '=' || *equal == ';' || (is_cookie2 && *equal == ','))
6852 break;
6853 if (http_is_spht[(unsigned char)*equal++])
6854 continue;
6855 att_end = equal;
6856 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006857
Willy Tarreau24581ba2010-08-31 22:39:35 +02006858 /* here, <equal> points to '=', a delimitor or the end. <att_end>
6859 * is between <att_beg> and <equal>, both may be identical.
6860 */
6861
6862 /* look for end of cookie if there is an equal sign */
6863 if (equal < hdr_end && *equal == '=') {
6864 /* look for the beginning of the value */
6865 val_beg = equal + 1;
6866 while (val_beg < hdr_end && http_is_spht[(unsigned char)*val_beg])
6867 val_beg++;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006868
Willy Tarreau24581ba2010-08-31 22:39:35 +02006869 /* find the end of the value, respecting quotes */
6870 next = find_cookie_value_end(val_beg, hdr_end);
6871
6872 /* make val_end point to the first white space or delimitor after the value */
6873 val_end = next;
6874 while (val_end > val_beg && http_is_spht[(unsigned char)*(val_end - 1)])
6875 val_end--;
6876 } else {
6877 /* <equal> points to next comma, semi-colon or EOL */
6878 val_beg = val_end = next = equal;
6879 }
6880
6881 if (next < hdr_end) {
6882 /* Set-Cookie2 supports multiple cookies, and <next> points to
6883 * a colon or semi-colon before the end. So skip all attr-value
6884 * pairs and look for the next comma. For Set-Cookie, since
6885 * commas are permitted in values, skip to the end.
6886 */
6887 if (is_cookie2)
6888 next = find_hdr_value_end(next, hdr_end);
6889 else
6890 next = hdr_end;
6891 }
6892
6893 /* Now everything is as on the diagram above */
6894
6895 /* Ignore cookies with no equal sign */
6896 if (equal == val_end)
6897 continue;
6898
6899 /* If there are spaces around the equal sign, we need to
6900 * strip them otherwise we'll get trouble for cookie captures,
6901 * or even for rewrites. Since this happens extremely rarely,
6902 * it does not hurt performance.
Willy Tarreaua15645d2007-03-18 16:22:39 +01006903 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02006904 if (unlikely(att_end != equal || val_beg > equal + 1)) {
6905 int stripped_before = 0;
6906 int stripped_after = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006907
Willy Tarreau24581ba2010-08-31 22:39:35 +02006908 if (att_end != equal) {
6909 stripped_before = buffer_replace2(res, att_end, equal, NULL, 0);
6910 equal += stripped_before;
6911 val_beg += stripped_before;
6912 }
6913
6914 if (val_beg > equal + 1) {
6915 stripped_after = buffer_replace2(res, equal + 1, val_beg, NULL, 0);
6916 val_beg += stripped_after;
6917 stripped_before += stripped_after;
6918 }
6919
6920 val_end += stripped_before;
6921 next += stripped_before;
6922 hdr_end += stripped_before;
6923 hdr_next += stripped_before;
6924 cur_hdr->len += stripped_before;
6925 http_msg_move_end(&txn->req, stripped_before);
6926 }
6927
6928 /* First, let's see if we want to capture this cookie. We check
6929 * that we don't already have a server side cookie, because we
6930 * can only capture one. Also as an optimisation, we ignore
6931 * cookies shorter than the declared name.
6932 */
Willy Tarreaufd39dda2008-10-17 12:01:58 +02006933 if (t->fe->capture_name != NULL &&
Willy Tarreau3bac9ff2007-03-18 17:31:28 +01006934 txn->srv_cookie == NULL &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02006935 (val_end - att_beg >= t->fe->capture_namelen) &&
6936 memcmp(att_beg, t->fe->capture_name, t->fe->capture_namelen) == 0) {
6937 int log_len = val_end - att_beg;
Willy Tarreau086b3b42007-05-13 21:45:51 +02006938 if ((txn->srv_cookie = pool_alloc2(pool2_capture)) == NULL) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01006939 Alert("HTTP logging : out of memory.\n");
6940 }
Willy Tarreauf70fc752010-11-19 11:27:18 +01006941 else {
6942 if (log_len > t->fe->capture_len)
6943 log_len = t->fe->capture_len;
6944 memcpy(txn->srv_cookie, att_beg, log_len);
6945 txn->srv_cookie[log_len] = 0;
6946 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01006947 }
6948
6949 /* now check if we need to process it for persistence */
Willy Tarreau24581ba2010-08-31 22:39:35 +02006950 if (!(t->flags & SN_IGNORE_PRST) &&
6951 (att_end - att_beg == t->be->cookie_len) && (t->be->cookie_name != NULL) &&
6952 (memcmp(att_beg, t->be->cookie_name, att_end - att_beg) == 0)) {
Willy Tarreauf1348312010-10-07 15:54:11 +02006953 /* assume passive cookie by default */
6954 txn->flags &= ~TX_SCK_MASK;
6955 txn->flags |= TX_SCK_FOUND;
Willy Tarreaua15645d2007-03-18 16:22:39 +01006956
6957 /* If the cookie is in insert mode on a known server, we'll delete
6958 * this occurrence because we'll insert another one later.
6959 * We'll delete it too if the "indirect" option is set and we're in
Willy Tarreau24581ba2010-08-31 22:39:35 +02006960 * a direct access.
6961 */
Willy Tarreauba4c5be2010-10-23 12:46:42 +02006962 if (t->be->options2 & PR_O2_COOK_PSV) {
6963 /* The "preserve" flag was set, we don't want to touch the
6964 * server's cookie.
6965 */
6966 }
6967 else if (((t->srv) && (t->be->options & PR_O_COOK_INS)) ||
Willy Tarreaue2e27a52007-04-01 00:01:37 +02006968 ((t->flags & SN_DIRECT) && (t->be->options & PR_O_COOK_IND))) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02006969 /* this cookie must be deleted */
6970 if (*prev == ':' && next == hdr_end) {
6971 /* whole header */
6972 delta = buffer_replace2(res, hdr_beg, hdr_next, NULL, 0);
6973 txn->hdr_idx.v[old_idx].next = cur_hdr->next;
6974 txn->hdr_idx.used--;
6975 cur_hdr->len = 0;
Willy Tarreau26db59e2010-11-28 06:57:24 +01006976 cur_idx = old_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006977 hdr_next += delta;
6978 http_msg_move_end(&txn->rsp, delta);
6979 /* note: while both invalid now, <next> and <hdr_end>
6980 * are still equal, so the for() will stop as expected.
6981 */
6982 } else {
6983 /* just remove the value */
6984 int delta = del_hdr_value(res, &prev, next);
6985 next = prev;
6986 hdr_end += delta;
6987 hdr_next += delta;
6988 cur_hdr->len += delta;
6989 http_msg_move_end(&txn->rsp, delta);
6990 }
Willy Tarreauf1348312010-10-07 15:54:11 +02006991 txn->flags &= ~TX_SCK_MASK;
Willy Tarreau3d300592007-03-18 18:34:41 +01006992 txn->flags |= TX_SCK_DELETED;
Willy Tarreau24581ba2010-08-31 22:39:35 +02006993 /* and go on with next cookie */
Willy Tarreaua15645d2007-03-18 16:22:39 +01006994 }
6995 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02006996 (t->be->options & PR_O_COOK_RW)) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02006997 /* replace bytes val_beg->val_end with the cookie name associated
Willy Tarreaua15645d2007-03-18 16:22:39 +01006998 * with this server since we know it.
6999 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007000 delta = buffer_replace2(res, val_beg, val_end, t->srv->cookie, t->srv->cklen);
7001 next += delta;
7002 hdr_end += delta;
7003 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007004 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007005 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007006
Willy Tarreauf1348312010-10-07 15:54:11 +02007007 txn->flags &= ~TX_SCK_MASK;
7008 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007009 }
7010 else if ((t->srv) && (t->srv->cookie) &&
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007011 (t->be->options & PR_O_COOK_PFX)) {
Willy Tarreaua15645d2007-03-18 16:22:39 +01007012 /* insert the cookie name associated with this server
Willy Tarreau24581ba2010-08-31 22:39:35 +02007013 * before existing cookie, and insert a delimiter between them..
Willy Tarreaua15645d2007-03-18 16:22:39 +01007014 */
Willy Tarreau24581ba2010-08-31 22:39:35 +02007015 delta = buffer_replace2(res, val_beg, val_beg, t->srv->cookie, t->srv->cklen + 1);
7016 next += delta;
7017 hdr_end += delta;
7018 hdr_next += delta;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007019 cur_hdr->len += delta;
Willy Tarreaufa355d42009-11-29 18:12:29 +01007020 http_msg_move_end(&txn->rsp, delta);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007021
Willy Tarreau24581ba2010-08-31 22:39:35 +02007022 val_beg[t->srv->cklen] = COOKIE_DELIM;
Willy Tarreauf1348312010-10-07 15:54:11 +02007023 txn->flags &= ~TX_SCK_MASK;
7024 txn->flags |= TX_SCK_REPLACED;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007025 }
7026 }
Cyril Bonté47fdd8e2010-04-25 00:00:51 +02007027 /* next, let's see if the cookie is our appcookie, unless persistence must be ignored */
7028 else if (!(t->flags & SN_IGNORE_PRST) && (t->be->appsession_name != NULL)) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007029 int cmp_len, value_len;
7030 char *value_begin;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007031
Cyril Bontéb21570a2009-11-29 20:04:48 +01007032 if (t->be->options2 & PR_O2_AS_PFX) {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007033 cmp_len = MIN(val_end - att_beg, t->be->appsession_name_len);
7034 value_begin = att_beg + t->be->appsession_name_len;
7035 value_len = MIN(t->be->appsession_len, val_end - att_beg - t->be->appsession_name_len);
Cyril Bontéb21570a2009-11-29 20:04:48 +01007036 } else {
Willy Tarreau24581ba2010-08-31 22:39:35 +02007037 cmp_len = att_end - att_beg;
7038 value_begin = val_beg;
7039 value_len = MIN(t->be->appsession_len, val_end - val_beg);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007040 }
Cyril Bontéb21570a2009-11-29 20:04:48 +01007041
Cyril Bonté17530c32010-04-06 21:11:10 +02007042 if ((cmp_len == t->be->appsession_name_len) &&
Willy Tarreau24581ba2010-08-31 22:39:35 +02007043 (memcmp(att_beg, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7044 /* free a possibly previously allocated memory */
7045 pool_free2(apools.sessid, txn->sessid);
7046
Cyril Bontéb21570a2009-11-29 20:04:48 +01007047 /* Store the sessid in the session for future use */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007048 if ((txn->sessid = pool_alloc2(apools.sessid)) == NULL) {
Cyril Bontéb21570a2009-11-29 20:04:48 +01007049 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7050 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
7051 return;
7052 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007053 memcpy(txn->sessid, value_begin, value_len);
7054 txn->sessid[value_len] = 0;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007055 }
Willy Tarreau24581ba2010-08-31 22:39:35 +02007056 }
7057 /* that's done for this cookie, check the next one on the same
7058 * line when next != hdr_end (only if is_cookie2).
7059 */
7060 }
7061 /* check next header */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007062 old_idx = cur_idx;
Willy Tarreau24581ba2010-08-31 22:39:35 +02007063 }
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007064
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007065 if (txn->sessid != NULL) {
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007066 appsess *asession = NULL;
7067 /* only do insert, if lookup fails */
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007068 asession = appsession_hash_lookup(&(t->be->htbl_proxy), txn->sessid);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007069 if (asession == NULL) {
Willy Tarreau1fac7532010-01-09 19:23:06 +01007070 size_t server_id_len;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007071 if ((asession = pool_alloc2(pool2_appsess)) == NULL) {
7072 Alert("Not enough Memory process_srv():asession:calloc().\n");
7073 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession:calloc().\n");
7074 return;
7075 }
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007076 asession->serverid = NULL; /* to avoid a double free in case of allocation error */
7077
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007078 if ((asession->sessid = pool_alloc2(apools.sessid)) == NULL) {
7079 Alert("Not enough Memory process_srv():asession->sessid:malloc().\n");
7080 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007081 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007082 return;
7083 }
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007084 memcpy(asession->sessid, txn->sessid, t->be->appsession_len);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007085 asession->sessid[t->be->appsession_len] = 0;
7086
Willy Tarreau1fac7532010-01-09 19:23:06 +01007087 server_id_len = strlen(t->srv->id) + 1;
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007088 if ((asession->serverid = pool_alloc2(apools.serverid)) == NULL) {
Willy Tarreau77eb9b82010-11-19 11:29:06 +01007089 Alert("Not enough Memory process_srv():asession->serverid:malloc().\n");
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007090 send_log(t->be, LOG_ALERT, "Not enough Memory process_srv():asession->sessid:malloc().\n");
Cyril Bonté41689c22010-01-10 00:30:14 +01007091 t->be->htbl_proxy.destroy(asession);
Cyril Bontébf47aeb2009-10-15 00:15:40 +02007092 return;
7093 }
7094 asession->serverid[0] = '\0';
7095 memcpy(asession->serverid, t->srv->id, server_id_len);
7096
7097 asession->request_count = 0;
7098 appsession_hash_insert(&(t->be->htbl_proxy), asession);
7099 }
7100
7101 asession->expire = tick_add_ifset(now_ms, t->be->timeout.appsession);
7102 asession->request_count++;
7103 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007104}
7105
7106
Willy Tarreaua15645d2007-03-18 16:22:39 +01007107/*
7108 * Check if response is cacheable or not. Updates t->flags.
7109 */
7110void check_response_for_cacheability(struct session *t, struct buffer *rtr)
7111{
7112 struct http_txn *txn = &t->txn;
7113 char *p1, *p2;
7114
7115 char *cur_ptr, *cur_end, *cur_next;
7116 int cur_idx;
7117
Willy Tarreau5df51872007-11-25 16:20:08 +01007118 if (!(txn->flags & TX_CACHEABLE))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007119 return;
7120
7121 /* Iterate through the headers.
7122 * we start with the start line.
7123 */
7124 cur_idx = 0;
Willy Tarreau962c3f42010-01-10 00:15:35 +01007125 cur_next = txn->rsp.sol + hdr_idx_first_pos(&txn->hdr_idx);
Willy Tarreaua15645d2007-03-18 16:22:39 +01007126
7127 while ((cur_idx = txn->hdr_idx.v[cur_idx].next)) {
7128 struct hdr_idx_elem *cur_hdr;
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007129 int val;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007130
7131 cur_hdr = &txn->hdr_idx.v[cur_idx];
7132 cur_ptr = cur_next;
7133 cur_end = cur_ptr + cur_hdr->len;
7134 cur_next = cur_end + cur_hdr->cr + 1;
7135
7136 /* We have one full header between cur_ptr and cur_end, and the
7137 * next header starts at cur_next. We're only interested in
7138 * "Cookie:" headers.
7139 */
7140
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007141 val = http_header_match2(cur_ptr, cur_end, "Pragma", 6);
7142 if (val) {
7143 if ((cur_end - (cur_ptr + val) >= 8) &&
7144 strncasecmp(cur_ptr + val, "no-cache", 8) == 0) {
7145 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
7146 return;
7147 }
Willy Tarreaua15645d2007-03-18 16:22:39 +01007148 }
7149
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007150 val = http_header_match2(cur_ptr, cur_end, "Cache-control", 13);
7151 if (!val)
Willy Tarreaua15645d2007-03-18 16:22:39 +01007152 continue;
7153
7154 /* OK, right now we know we have a cache-control header at cur_ptr */
7155
Willy Tarreauaa9dce32007-03-18 23:50:16 +01007156 p1 = cur_ptr + val; /* first non-space char after 'cache-control:' */
Willy Tarreaua15645d2007-03-18 16:22:39 +01007157
7158 if (p1 >= cur_end) /* no more info */
7159 continue;
7160
7161 /* p1 is at the beginning of the value */
7162 p2 = p1;
7163
Willy Tarreau8f8e6452007-06-17 21:51:38 +02007164 while (p2 < cur_end && *p2 != '=' && *p2 != ',' && !isspace((unsigned char)*p2))
Willy Tarreaua15645d2007-03-18 16:22:39 +01007165 p2++;
7166
7167 /* we have a complete value between p1 and p2 */
7168 if (p2 < cur_end && *p2 == '=') {
7169 /* we have something of the form no-cache="set-cookie" */
7170 if ((cur_end - p1 >= 21) &&
7171 strncasecmp(p1, "no-cache=\"set-cookie", 20) == 0
7172 && (p1[20] == '"' || p1[20] == ','))
Willy Tarreau3d300592007-03-18 18:34:41 +01007173 txn->flags &= ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007174 continue;
7175 }
7176
7177 /* OK, so we know that either p2 points to the end of string or to a comma */
7178 if (((p2 - p1 == 7) && strncasecmp(p1, "private", 7) == 0) ||
7179 ((p2 - p1 == 8) && strncasecmp(p1, "no-store", 8) == 0) ||
7180 ((p2 - p1 == 9) && strncasecmp(p1, "max-age=0", 9) == 0) ||
7181 ((p2 - p1 == 10) && strncasecmp(p1, "s-maxage=0", 10) == 0)) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007182 txn->flags &= ~TX_CACHEABLE & ~TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007183 return;
7184 }
7185
7186 if ((p2 - p1 == 6) && strncasecmp(p1, "public", 6) == 0) {
Willy Tarreau3d300592007-03-18 18:34:41 +01007187 txn->flags |= TX_CACHEABLE | TX_CACHE_COOK;
Willy Tarreaua15645d2007-03-18 16:22:39 +01007188 continue;
7189 }
7190 }
7191}
7192
7193
Willy Tarreau58f10d72006-12-04 02:26:12 +01007194/*
7195 * Try to retrieve a known appsession in the URI, then the associated server.
7196 * If the server is found, it's assigned to the session.
7197 */
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007198void get_srv_from_appsession(struct session *t, const char *begin, int len)
Willy Tarreau58f10d72006-12-04 02:26:12 +01007199{
Cyril Bontéb21570a2009-11-29 20:04:48 +01007200 char *end_params, *first_param, *cur_param, *next_param;
7201 char separator;
7202 int value_len;
7203
7204 int mode = t->be->options2 & PR_O2_AS_M_ANY;
Willy Tarreau58f10d72006-12-04 02:26:12 +01007205
Willy Tarreaue2e27a52007-04-01 00:01:37 +02007206 if (t->be->appsession_name == NULL ||
Cyril Bonté17530c32010-04-06 21:11:10 +02007207 (t->txn.meth != HTTP_METH_GET && t->txn.meth != HTTP_METH_POST && t->txn.meth != HTTP_METH_HEAD)) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007208 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007209 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007210
Cyril Bontéb21570a2009-11-29 20:04:48 +01007211 first_param = NULL;
7212 switch (mode) {
7213 case PR_O2_AS_M_PP:
7214 first_param = memchr(begin, ';', len);
7215 break;
7216 case PR_O2_AS_M_QS:
7217 first_param = memchr(begin, '?', len);
7218 break;
7219 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007220
Cyril Bontéb21570a2009-11-29 20:04:48 +01007221 if (first_param == NULL) {
Willy Tarreau58f10d72006-12-04 02:26:12 +01007222 return;
Cyril Bontéb21570a2009-11-29 20:04:48 +01007223 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007224
Cyril Bontéb21570a2009-11-29 20:04:48 +01007225 switch (mode) {
7226 case PR_O2_AS_M_PP:
7227 if ((end_params = memchr(first_param, '?', len - (begin - first_param))) == NULL) {
7228 end_params = (char *) begin + len;
7229 }
7230 separator = ';';
7231 break;
7232 case PR_O2_AS_M_QS:
7233 end_params = (char *) begin + len;
7234 separator = '&';
7235 break;
7236 default:
7237 /* unknown mode, shouldn't happen */
7238 return;
7239 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007240
Cyril Bontéb21570a2009-11-29 20:04:48 +01007241 cur_param = next_param = end_params;
7242 while (cur_param > first_param) {
7243 cur_param--;
7244 if ((cur_param[0] == separator) || (cur_param == first_param)) {
7245 /* let's see if this is the appsession parameter */
7246 if ((cur_param + t->be->appsession_name_len + 1 < next_param) &&
7247 ((t->be->options2 & PR_O2_AS_PFX) || cur_param[t->be->appsession_name_len + 1] == '=') &&
7248 (strncasecmp(cur_param + 1, t->be->appsession_name, t->be->appsession_name_len) == 0)) {
7249 /* Cool... it's the right one */
7250 cur_param += t->be->appsession_name_len + (t->be->options2 & PR_O2_AS_PFX ? 1 : 2);
7251 value_len = MIN(t->be->appsession_len, next_param - cur_param);
7252 if (value_len > 0) {
7253 manage_client_side_appsession(t, cur_param, value_len);
7254 }
7255 break;
7256 }
7257 next_param = cur_param;
7258 }
7259 }
Willy Tarreau58f10d72006-12-04 02:26:12 +01007260#if defined(DEBUG_HASH)
Aleksandar Lazic697bbb02008-08-13 19:57:02 +02007261 Alert("get_srv_from_appsession\n");
Willy Tarreau51041c72007-09-09 21:56:53 +02007262 appsession_hash_dump(&(t->be->htbl_proxy));
Willy Tarreau58f10d72006-12-04 02:26:12 +01007263#endif
Willy Tarreau58f10d72006-12-04 02:26:12 +01007264}
7265
Willy Tarreaub2513902006-12-17 14:52:38 +01007266/*
Cyril Bonté70be45d2010-10-12 00:14:35 +02007267 * In a GET, HEAD or POST request, check if the requested URI matches the stats uri
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007268 * for the current backend.
Willy Tarreaub2513902006-12-17 14:52:38 +01007269 *
Cyril Bonté70be45d2010-10-12 00:14:35 +02007270 * It is assumed that the request is either a HEAD, GET, or POST and that the
Willy Tarreau295a8372011-03-10 11:25:07 +01007271 * uri_auth field is valid.
Willy Tarreaub2513902006-12-17 14:52:38 +01007272 *
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007273 * Returns 1 if stats should be provided, otherwise 0.
Willy Tarreaub2513902006-12-17 14:52:38 +01007274 */
Willy Tarreau295a8372011-03-10 11:25:07 +01007275int stats_check_uri(struct stream_interface *si, struct http_txn *txn, struct proxy *backend)
Willy Tarreaub2513902006-12-17 14:52:38 +01007276{
7277 struct uri_auth *uri_auth = backend->uri_auth;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007278 char *h;
Willy Tarreaub2513902006-12-17 14:52:38 +01007279
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007280 if (!uri_auth)
7281 return 0;
7282
Cyril Bonté70be45d2010-10-12 00:14:35 +02007283 if (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD && txn->meth != HTTP_METH_POST)
Krzysztof Piotr Oledzki8c8bd452010-01-29 19:29:32 +01007284 return 0;
7285
Willy Tarreau295a8372011-03-10 11:25:07 +01007286 memset(&si->applet.ctx.stats, 0, sizeof(si->applet.ctx.stats));
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007287
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007288 /* check URI size */
Willy Tarreau4dbc4a22007-03-03 16:23:22 +01007289 if (uri_auth->uri_len > txn->req.sl.rq.u_l)
Willy Tarreaub2513902006-12-17 14:52:38 +01007290 return 0;
7291
Willy Tarreau962c3f42010-01-10 00:15:35 +01007292 h = txn->req.sol + txn->req.sl.rq.u;
Willy Tarreau8d5d7f22007-01-21 19:16:41 +01007293
Willy Tarreau0214c3a2007-01-07 13:47:30 +01007294 /* the URI is in h */
7295 if (memcmp(h, uri_auth->uri_prefix, uri_auth->uri_len) != 0)
Willy Tarreaub2513902006-12-17 14:52:38 +01007296 return 0;
7297
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007298 h += uri_auth->uri_len;
Willy Tarreau962c3f42010-01-10 00:15:35 +01007299 while (h <= txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 3) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007300 if (memcmp(h, ";up", 3) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007301 si->applet.ctx.stats.flags |= STAT_HIDE_DOWN;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007302 break;
7303 }
7304 h++;
7305 }
7306
7307 if (uri_auth->refresh) {
Willy Tarreau962c3f42010-01-10 00:15:35 +01007308 h = txn->req.sol + txn->req.sl.rq.u + uri_auth->uri_len;
7309 while (h <= txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 10) {
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007310 if (memcmp(h, ";norefresh", 10) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007311 si->applet.ctx.stats.flags |= STAT_NO_REFRESH;
Willy Tarreaue7150cd2007-07-25 14:43:32 +02007312 break;
7313 }
7314 h++;
7315 }
7316 }
7317
Willy Tarreau962c3f42010-01-10 00:15:35 +01007318 h = txn->req.sol + txn->req.sl.rq.u + uri_auth->uri_len;
7319 while (h <= txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 4) {
Willy Tarreau55bb8452007-10-17 18:44:57 +02007320 if (memcmp(h, ";csv", 4) == 0) {
Willy Tarreau295a8372011-03-10 11:25:07 +01007321 si->applet.ctx.stats.flags |= STAT_FMT_CSV;
Willy Tarreau55bb8452007-10-17 18:44:57 +02007322 break;
7323 }
7324 h++;
7325 }
7326
Cyril Bonté70be45d2010-10-12 00:14:35 +02007327 h = txn->req.sol + txn->req.sl.rq.u + uri_auth->uri_len;
7328 while (h <= txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l - 8) {
7329 if (memcmp(h, ";st=", 4) == 0) {
7330 h += 4;
7331
7332 if (memcmp(h, STAT_STATUS_DONE, 4) == 0)
Willy Tarreau295a8372011-03-10 11:25:07 +01007333 si->applet.ctx.stats.st_code = STAT_STATUS_DONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007334 else if (memcmp(h, STAT_STATUS_NONE, 4) == 0)
Willy Tarreau295a8372011-03-10 11:25:07 +01007335 si->applet.ctx.stats.st_code = STAT_STATUS_NONE;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007336 else if (memcmp(h, STAT_STATUS_EXCD, 4) == 0)
Willy Tarreau295a8372011-03-10 11:25:07 +01007337 si->applet.ctx.stats.st_code = STAT_STATUS_EXCD;
Cyril Bonté474be412010-10-12 00:14:36 +02007338 else if (memcmp(h, STAT_STATUS_DENY, 4) == 0)
Willy Tarreau295a8372011-03-10 11:25:07 +01007339 si->applet.ctx.stats.st_code = STAT_STATUS_DENY;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007340 else
Willy Tarreau295a8372011-03-10 11:25:07 +01007341 si->applet.ctx.stats.st_code = STAT_STATUS_UNKN;
Cyril Bonté70be45d2010-10-12 00:14:35 +02007342 break;
7343 }
7344 h++;
7345 }
7346
Willy Tarreau295a8372011-03-10 11:25:07 +01007347 si->applet.ctx.stats.flags |= STAT_SHOW_STAT | STAT_SHOW_INFO;
Willy Tarreau39f7e6d2008-03-17 21:38:24 +01007348
Willy Tarreaub2513902006-12-17 14:52:38 +01007349 return 1;
7350}
7351
Willy Tarreau4076a152009-04-02 15:18:36 +02007352/*
7353 * Capture a bad request or response and archive it in the proxy's structure.
Willy Tarreau962c3f42010-01-10 00:15:35 +01007354 * WARNING: it's unlikely that we've reached HTTP_MSG_BODY here so we must not
7355 * assume that msg->sol = buf->data + msg->som.
Willy Tarreau4076a152009-04-02 15:18:36 +02007356 */
7357void http_capture_bad_message(struct error_snapshot *es, struct session *s,
7358 struct buffer *buf, struct http_msg *msg,
Willy Tarreau078272e2010-12-12 12:46:33 +01007359 int state, struct proxy *other_end)
Willy Tarreau4076a152009-04-02 15:18:36 +02007360{
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007361 if (buf->r <= (buf->data + msg->som)) { /* message wraps */
7362 int len1 = buf->size - msg->som;
7363 es->len = buf->r - (buf->data + msg->som) + buf->size;
7364 memcpy(es->buf, buf->data + msg->som, MIN(len1, sizeof(es->buf)));
7365 if (es->len > len1 && len1 < sizeof(es->buf))
7366 memcpy(es->buf, buf->data, MIN(es->len, sizeof(es->buf)) - len1);
7367 }
7368 else {
7369 es->len = buf->r - (buf->data + msg->som);
7370 memcpy(es->buf, buf->data + msg->som, MIN(es->len, sizeof(es->buf)));
7371 }
7372
Willy Tarreau4076a152009-04-02 15:18:36 +02007373 if (msg->err_pos >= 0)
Willy Tarreau2df8d712009-05-01 11:33:17 +02007374 es->pos = msg->err_pos - msg->som;
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007375 else if (buf->lr >= (buf->data + msg->som))
Willy Tarreau2df8d712009-05-01 11:33:17 +02007376 es->pos = buf->lr - (buf->data + msg->som);
Willy Tarreau81f2fb92010-12-12 13:09:08 +01007377 else
7378 es->pos = buf->lr - (buf->data + msg->som) + buf->size;
7379
Willy Tarreau4076a152009-04-02 15:18:36 +02007380 es->when = date; // user-visible date
7381 es->sid = s->uniq_id;
7382 es->srv = s->srv;
7383 es->oe = other_end;
Willy Tarreau957c0a52011-03-03 17:42:23 +01007384 es->src = s->req->prod->addr.c.from;
Willy Tarreau078272e2010-12-12 12:46:33 +01007385 es->state = state;
7386 es->flags = buf->flags;
Willy Tarreau10479e42010-12-12 14:00:34 +01007387 es->ev_id = error_snapshot_id++;
Willy Tarreau4076a152009-04-02 15:18:36 +02007388}
Willy Tarreaub2513902006-12-17 14:52:38 +01007389
Willy Tarreaubce70882009-09-07 11:51:47 +02007390/* return the IP address pointed to by occurrence <occ> of header <hname> in
7391 * HTTP message <msg> indexed in <idx>. If <occ> is strictly positive, the
7392 * occurrence number corresponding to this value is returned. If <occ> is
7393 * strictly negative, the occurrence number before the end corresponding to
7394 * this value is returned. If <occ> is null, any value is returned, so it is
7395 * not recommended to use it that way. Negative occurrences are limited to
7396 * a small value because it is required to keep them in memory while scanning.
7397 * IP address 0.0.0.0 is returned if no match is found.
7398 */
7399unsigned int get_ip_from_hdr2(struct http_msg *msg, const char *hname, int hlen, struct hdr_idx *idx, int occ)
7400{
7401 struct hdr_ctx ctx;
7402 unsigned int hdr_hist[MAX_HDR_HISTORY];
7403 unsigned int hist_ptr;
7404 int found = 0;
7405
7406 ctx.idx = 0;
7407 if (occ >= 0) {
7408 while (http_find_header2(hname, hlen, msg->sol, idx, &ctx)) {
7409 occ--;
7410 if (occ <= 0) {
7411 found = 1;
7412 break;
7413 }
7414 }
7415 if (!found)
7416 return 0;
7417 return inetaddr_host_lim(ctx.line+ctx.val, ctx.line+ctx.val+ctx.vlen);
7418 }
7419
7420 /* negative occurrence, we scan all the list then walk back */
7421 if (-occ > MAX_HDR_HISTORY)
7422 return 0;
7423
7424 hist_ptr = 0;
7425 hdr_hist[hist_ptr] = 0;
7426 while (http_find_header2(hname, hlen, msg->sol, idx, &ctx)) {
7427 hdr_hist[hist_ptr++] = inetaddr_host_lim(ctx.line+ctx.val, ctx.line+ctx.val+ctx.vlen);
7428 if (hist_ptr >= MAX_HDR_HISTORY)
7429 hist_ptr = 0;
7430 found++;
7431 }
7432 if (-occ > found)
7433 return 0;
7434 /* OK now we have the last occurrence in [hist_ptr-1], and we need to
7435 * find occurrence -occ, so we have to check [hist_ptr+occ].
7436 */
7437 hist_ptr += occ;
7438 if (hist_ptr >= MAX_HDR_HISTORY)
7439 hist_ptr -= MAX_HDR_HISTORY;
7440 return hdr_hist[hist_ptr];
7441}
7442
Willy Tarreaubaaee002006-06-26 02:48:02 +02007443/*
Willy Tarreau58f10d72006-12-04 02:26:12 +01007444 * Print a debug line with a header
7445 */
7446void debug_hdr(const char *dir, struct session *t, const char *start, const char *end)
7447{
7448 int len, max;
7449 len = sprintf(trash, "%08x:%s.%s[%04x:%04x]: ", t->uniq_id, t->be->id,
Willy Tarreau3a16b2c2008-08-28 08:54:27 +02007450 dir, (unsigned short)t->req->prod->fd, (unsigned short)t->req->cons->fd);
Willy Tarreau58f10d72006-12-04 02:26:12 +01007451 max = end - start;
7452 UBOUND(max, sizeof(trash) - len - 1);
7453 len += strlcpy2(trash + len, start, max + 1);
7454 trash[len++] = '\n';
7455 write(1, trash, len);
7456}
7457
Willy Tarreau0937bc42009-12-22 15:03:09 +01007458/*
7459 * Initialize a new HTTP transaction for session <s>. It is assumed that all
7460 * the required fields are properly allocated and that we only need to (re)init
7461 * them. This should be used before processing any new request.
7462 */
7463void http_init_txn(struct session *s)
7464{
7465 struct http_txn *txn = &s->txn;
7466 struct proxy *fe = s->fe;
7467
7468 txn->flags = 0;
7469 txn->status = -1;
7470
Willy Tarreauf64d1412010-10-07 20:06:11 +02007471 txn->cookie_first_date = 0;
7472 txn->cookie_last_date = 0;
7473
Willy Tarreau0937bc42009-12-22 15:03:09 +01007474 txn->req.sol = txn->req.eol = NULL;
7475 txn->req.som = txn->req.eoh = 0; /* relative to the buffer */
7476 txn->rsp.sol = txn->rsp.eol = NULL;
7477 txn->rsp.som = txn->rsp.eoh = 0; /* relative to the buffer */
Willy Tarreau124d9912011-03-01 20:30:48 +01007478 txn->req.chunk_len = 0LL;
7479 txn->req.body_len = 0LL;
7480 txn->rsp.chunk_len = 0LL;
7481 txn->rsp.body_len = 0LL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007482 txn->req.msg_state = HTTP_MSG_RQBEFORE; /* at the very beginning of the request */
7483 txn->rsp.msg_state = HTTP_MSG_RPBEFORE; /* at the very beginning of the response */
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01007484
7485 txn->auth.method = HTTP_AUTH_UNKNOWN;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007486
7487 txn->req.err_pos = txn->rsp.err_pos = -2; /* block buggy requests/responses */
7488 if (fe->options2 & PR_O2_REQBUG_OK)
7489 txn->req.err_pos = -1; /* let buggy requests pass */
7490
Willy Tarreau46023632010-01-07 22:51:47 +01007491 if (txn->req.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01007492 memset(txn->req.cap, 0, fe->nb_req_cap * sizeof(void *));
7493
Willy Tarreau46023632010-01-07 22:51:47 +01007494 if (txn->rsp.cap)
Willy Tarreau0937bc42009-12-22 15:03:09 +01007495 memset(txn->rsp.cap, 0, fe->nb_rsp_cap * sizeof(void *));
7496
7497 if (txn->hdr_idx.v)
7498 hdr_idx_init(&txn->hdr_idx);
7499}
7500
7501/* to be used at the end of a transaction */
7502void http_end_txn(struct session *s)
7503{
7504 struct http_txn *txn = &s->txn;
7505
7506 /* these ones will have been dynamically allocated */
7507 pool_free2(pool2_requri, txn->uri);
7508 pool_free2(pool2_capture, txn->cli_cookie);
7509 pool_free2(pool2_capture, txn->srv_cookie);
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007510 pool_free2(apools.sessid, txn->sessid);
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01007511
Willy Tarreaua3377ee2010-01-10 10:49:11 +01007512 txn->sessid = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007513 txn->uri = NULL;
7514 txn->srv_cookie = NULL;
7515 txn->cli_cookie = NULL;
Willy Tarreau46023632010-01-07 22:51:47 +01007516
7517 if (txn->req.cap) {
7518 struct cap_hdr *h;
7519 for (h = s->fe->req_cap; h; h = h->next)
7520 pool_free2(h->pool, txn->req.cap[h->index]);
7521 memset(txn->req.cap, 0, s->fe->nb_req_cap * sizeof(void *));
7522 }
7523
7524 if (txn->rsp.cap) {
7525 struct cap_hdr *h;
7526 for (h = s->fe->rsp_cap; h; h = h->next)
7527 pool_free2(h->pool, txn->rsp.cap[h->index]);
7528 memset(txn->rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *));
7529 }
7530
Willy Tarreau0937bc42009-12-22 15:03:09 +01007531}
7532
7533/* to be used at the end of a transaction to prepare a new one */
7534void http_reset_txn(struct session *s)
7535{
7536 http_end_txn(s);
7537 http_init_txn(s);
7538
7539 s->be = s->fe;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007540 s->logs.logwait = s->fe->to_log;
Willy Tarreau3d80d912011-03-10 11:42:13 +01007541 s->srv = s->srv_conn = NULL;
Willy Tarreau9e000c62011-03-10 14:03:36 +01007542 clear_target(&s->target);
Emeric Brunb982a3d2010-01-04 15:45:53 +01007543 /* re-init store persistence */
7544 s->store_count = 0;
7545
Willy Tarreau0937bc42009-12-22 15:03:09 +01007546 s->pend_pos = NULL;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007547
7548 s->req->flags |= BF_READ_DONTWAIT; /* one read is usually enough */
7549
Willy Tarreau739cfba2010-01-25 23:11:14 +01007550 /* We must trim any excess data from the response buffer, because we
7551 * may have blocked an invalid response from a server that we don't
7552 * want to accidentely forward once we disable the analysers, nor do
7553 * we want those data to come along with next response. A typical
7554 * example of such data would be from a buggy server responding to
7555 * a HEAD with some data, or sending more than the advertised
7556 * content-length.
7557 */
7558 if (unlikely(s->rep->l > s->rep->send_max)) {
7559 s->rep->l = s->rep->send_max;
7560 s->rep->r = s->rep->w + s->rep->l;
7561 if (s->rep->r >= s->rep->data + s->rep->size)
7562 s->rep->r -= s->rep->size;
7563 }
7564
Willy Tarreau0937bc42009-12-22 15:03:09 +01007565 s->req->rto = s->fe->timeout.client;
Willy Tarreaud04e8582010-05-31 12:31:35 +02007566 s->req->wto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007567
Willy Tarreaud04e8582010-05-31 12:31:35 +02007568 s->rep->rto = TICK_ETERNITY;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007569 s->rep->wto = s->fe->timeout.client;
Willy Tarreau0937bc42009-12-22 15:03:09 +01007570
7571 s->req->rex = TICK_ETERNITY;
7572 s->req->wex = TICK_ETERNITY;
7573 s->req->analyse_exp = TICK_ETERNITY;
7574 s->rep->rex = TICK_ETERNITY;
7575 s->rep->wex = TICK_ETERNITY;
7576 s->rep->analyse_exp = TICK_ETERNITY;
7577}
Willy Tarreau58f10d72006-12-04 02:26:12 +01007578
Willy Tarreau8797c062007-05-07 00:55:35 +02007579/************************************************************************/
7580/* The code below is dedicated to ACL parsing and matching */
7581/************************************************************************/
7582
7583
7584
7585
7586/* 1. Check on METHOD
7587 * We use the pre-parsed method if it is known, and store its number as an
7588 * integer. If it is unknown, we use the pointer and the length.
7589 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02007590static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02007591{
7592 int len, meth;
7593
Willy Tarreauae8b7962007-06-09 23:10:04 +02007594 len = strlen(*text);
7595 meth = find_http_meth(*text, len);
Willy Tarreau8797c062007-05-07 00:55:35 +02007596
7597 pattern->val.i = meth;
7598 if (meth == HTTP_METH_OTHER) {
Willy Tarreauae8b7962007-06-09 23:10:04 +02007599 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02007600 if (!pattern->ptr.str)
7601 return 0;
7602 pattern->len = len;
7603 }
7604 return 1;
7605}
7606
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007607static int
Willy Tarreau97be1452007-06-10 11:47:14 +02007608acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
7609 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02007610{
7611 int meth;
7612 struct http_txn *txn = l7;
7613
Willy Tarreaub6866442008-07-14 23:54:42 +02007614 if (!txn)
7615 return 0;
7616
Willy Tarreau655dce92009-11-08 13:10:58 +01007617 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007618 return 0;
7619
Willy Tarreau8797c062007-05-07 00:55:35 +02007620 meth = txn->meth;
7621 test->i = meth;
7622 if (meth == HTTP_METH_OTHER) {
Willy Tarreauc11416f2007-06-17 16:58:38 +02007623 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7624 /* ensure the indexes are not affected */
7625 return 0;
Willy Tarreau8797c062007-05-07 00:55:35 +02007626 test->len = txn->req.sl.rq.m_l;
7627 test->ptr = txn->req.sol;
7628 }
7629 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
7630 return 1;
7631}
7632
7633static int acl_match_meth(struct acl_test *test, struct acl_pattern *pattern)
7634{
Willy Tarreauc8d7c962007-06-17 08:20:33 +02007635 int icase;
7636
Willy Tarreau8797c062007-05-07 00:55:35 +02007637 if (test->i != pattern->val.i)
Willy Tarreau11382812008-07-09 16:18:21 +02007638 return ACL_PAT_FAIL;
Willy Tarreau8797c062007-05-07 00:55:35 +02007639
7640 if (test->i != HTTP_METH_OTHER)
Willy Tarreau11382812008-07-09 16:18:21 +02007641 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02007642
7643 /* Other method, we must compare the strings */
7644 if (pattern->len != test->len)
Willy Tarreau11382812008-07-09 16:18:21 +02007645 return ACL_PAT_FAIL;
Willy Tarreauc8d7c962007-06-17 08:20:33 +02007646
7647 icase = pattern->flags & ACL_PAT_F_IGNORE_CASE;
7648 if ((icase && strncasecmp(pattern->ptr.str, test->ptr, test->len) != 0) ||
7649 (!icase && strncmp(pattern->ptr.str, test->ptr, test->len) != 0))
Willy Tarreau11382812008-07-09 16:18:21 +02007650 return ACL_PAT_FAIL;
7651 return ACL_PAT_PASS;
Willy Tarreau8797c062007-05-07 00:55:35 +02007652}
7653
7654/* 2. Check on Request/Status Version
7655 * We simply compare strings here.
7656 */
Willy Tarreauae8b7962007-06-09 23:10:04 +02007657static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *opaque)
Willy Tarreau8797c062007-05-07 00:55:35 +02007658{
Willy Tarreauae8b7962007-06-09 23:10:04 +02007659 pattern->ptr.str = strdup(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02007660 if (!pattern->ptr.str)
7661 return 0;
Willy Tarreauae8b7962007-06-09 23:10:04 +02007662 pattern->len = strlen(*text);
Willy Tarreau8797c062007-05-07 00:55:35 +02007663 return 1;
7664}
7665
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007666static int
Willy Tarreau97be1452007-06-10 11:47:14 +02007667acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
7668 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02007669{
7670 struct http_txn *txn = l7;
7671 char *ptr;
7672 int len;
7673
Willy Tarreaub6866442008-07-14 23:54:42 +02007674 if (!txn)
7675 return 0;
7676
Willy Tarreau655dce92009-11-08 13:10:58 +01007677 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007678 return 0;
7679
Willy Tarreau8797c062007-05-07 00:55:35 +02007680 len = txn->req.sl.rq.v_l;
Willy Tarreau962c3f42010-01-10 00:15:35 +01007681 ptr = txn->req.sol + txn->req.sl.rq.v;
Willy Tarreau8797c062007-05-07 00:55:35 +02007682
7683 while ((len-- > 0) && (*ptr++ != '/'));
7684 if (len <= 0)
7685 return 0;
7686
7687 test->ptr = ptr;
7688 test->len = len;
7689
7690 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
7691 return 1;
7692}
7693
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007694static int
Willy Tarreau97be1452007-06-10 11:47:14 +02007695acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
7696 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02007697{
7698 struct http_txn *txn = l7;
7699 char *ptr;
7700 int len;
7701
Willy Tarreaub6866442008-07-14 23:54:42 +02007702 if (!txn)
7703 return 0;
7704
Willy Tarreau655dce92009-11-08 13:10:58 +01007705 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007706 return 0;
7707
Willy Tarreau8797c062007-05-07 00:55:35 +02007708 len = txn->rsp.sl.st.v_l;
7709 ptr = txn->rsp.sol;
7710
7711 while ((len-- > 0) && (*ptr++ != '/'));
7712 if (len <= 0)
7713 return 0;
7714
7715 test->ptr = ptr;
7716 test->len = len;
7717
7718 test->flags = ACL_TEST_F_READ_ONLY | ACL_TEST_F_VOL_1ST;
7719 return 1;
7720}
7721
7722/* 3. Check on Status Code. We manipulate integers here. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007723static int
Willy Tarreau97be1452007-06-10 11:47:14 +02007724acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
7725 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02007726{
7727 struct http_txn *txn = l7;
7728 char *ptr;
7729 int len;
7730
Willy Tarreaub6866442008-07-14 23:54:42 +02007731 if (!txn)
7732 return 0;
7733
Willy Tarreau655dce92009-11-08 13:10:58 +01007734 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007735 return 0;
7736
Willy Tarreau8797c062007-05-07 00:55:35 +02007737 len = txn->rsp.sl.st.c_l;
Willy Tarreau962c3f42010-01-10 00:15:35 +01007738 ptr = txn->rsp.sol + txn->rsp.sl.st.c;
Willy Tarreau8797c062007-05-07 00:55:35 +02007739
7740 test->i = __strl2ui(ptr, len);
7741 test->flags = ACL_TEST_F_VOL_1ST;
7742 return 1;
7743}
7744
7745/* 4. Check on URL/URI. A pointer to the URI is stored. */
Willy Tarreaud41f8d82007-06-10 10:06:18 +02007746static int
Willy Tarreau97be1452007-06-10 11:47:14 +02007747acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
7748 struct acl_expr *expr, struct acl_test *test)
Willy Tarreau8797c062007-05-07 00:55:35 +02007749{
7750 struct http_txn *txn = l7;
7751
Willy Tarreaub6866442008-07-14 23:54:42 +02007752 if (!txn)
7753 return 0;
7754
Willy Tarreau655dce92009-11-08 13:10:58 +01007755 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007756 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007757
Willy Tarreauc11416f2007-06-17 16:58:38 +02007758 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7759 /* ensure the indexes are not affected */
7760 return 0;
7761
Willy Tarreau8797c062007-05-07 00:55:35 +02007762 test->len = txn->req.sl.rq.u_l;
Willy Tarreau962c3f42010-01-10 00:15:35 +01007763 test->ptr = txn->req.sol + txn->req.sl.rq.u;
Willy Tarreau8797c062007-05-07 00:55:35 +02007764
Willy Tarreauf3d25982007-05-08 22:45:09 +02007765 /* we do not need to set READ_ONLY because the data is in a buffer */
7766 test->flags = ACL_TEST_F_VOL_1ST;
Willy Tarreau8797c062007-05-07 00:55:35 +02007767 return 1;
7768}
7769
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007770static int
7771acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
7772 struct acl_expr *expr, struct acl_test *test)
7773{
7774 struct http_txn *txn = l7;
7775
Willy Tarreaub6866442008-07-14 23:54:42 +02007776 if (!txn)
7777 return 0;
7778
Willy Tarreau655dce92009-11-08 13:10:58 +01007779 if (txn->req.msg_state < HTTP_MSG_BODY)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007780 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007781
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007782 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7783 /* ensure the indexes are not affected */
7784 return 0;
7785
7786 /* Parse HTTP request */
Willy Tarreau957c0a52011-03-03 17:42:23 +01007787 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->addr.s.to);
7788 test->ptr = (void *)&((struct sockaddr_in *)&l4->req->cons->addr.s.to)->sin_addr;
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007789 test->i = AF_INET;
7790
7791 /*
7792 * If we are parsing url in frontend space, we prepare backend stage
7793 * to not parse again the same url ! optimization lazyness...
7794 */
7795 if (px->options & PR_O_HTTP_PROXY)
7796 l4->flags |= SN_ADDR_SET;
7797
7798 test->flags = ACL_TEST_F_READ_ONLY;
7799 return 1;
7800}
7801
7802static int
7803acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
7804 struct acl_expr *expr, struct acl_test *test)
7805{
7806 struct http_txn *txn = l7;
7807
Willy Tarreaub6866442008-07-14 23:54:42 +02007808 if (!txn)
7809 return 0;
7810
Willy Tarreau655dce92009-11-08 13:10:58 +01007811 if (txn->req.msg_state < HTTP_MSG_BODY)
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007812 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007813
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007814 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7815 /* ensure the indexes are not affected */
7816 return 0;
7817
7818 /* Same optimization as url_ip */
Willy Tarreau957c0a52011-03-03 17:42:23 +01007819 url2sa(txn->req.sol + txn->req.sl.rq.u, txn->req.sl.rq.u_l, &l4->req->cons->addr.s.to);
7820 test->i = ntohs(((struct sockaddr_in *)&l4->req->cons->addr.s.to)->sin_port);
Alexandre Cassen5eb1a902007-11-29 15:43:32 +01007821
7822 if (px->options & PR_O_HTTP_PROXY)
7823 l4->flags |= SN_ADDR_SET;
7824
7825 test->flags = ACL_TEST_F_READ_ONLY;
7826 return 1;
7827}
7828
Willy Tarreauc11416f2007-06-17 16:58:38 +02007829/* 5. Check on HTTP header. A pointer to the beginning of the value is returned.
7830 * This generic function is used by both acl_fetch_chdr() and acl_fetch_shdr().
7831 */
Willy Tarreau33a7e692007-06-10 19:45:56 +02007832static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02007833acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02007834 struct acl_expr *expr, struct acl_test *test)
7835{
7836 struct http_txn *txn = l7;
7837 struct hdr_idx *idx = &txn->hdr_idx;
7838 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02007839
Willy Tarreaub6866442008-07-14 23:54:42 +02007840 if (!txn)
7841 return 0;
7842
Willy Tarreau33a7e692007-06-10 19:45:56 +02007843 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
7844 /* search for header from the beginning */
7845 ctx->idx = 0;
7846
Willy Tarreau33a7e692007-06-10 19:45:56 +02007847 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
7848 test->flags |= ACL_TEST_F_FETCH_MORE;
7849 test->flags |= ACL_TEST_F_VOL_HDR;
7850 test->len = ctx->vlen;
7851 test->ptr = (char *)ctx->line + ctx->val;
7852 return 1;
7853 }
7854
7855 test->flags &= ~ACL_TEST_F_FETCH_MORE;
7856 test->flags |= ACL_TEST_F_VOL_HDR;
7857 return 0;
7858}
7859
Willy Tarreau33a7e692007-06-10 19:45:56 +02007860static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02007861acl_fetch_chdr(struct proxy *px, struct session *l4, void *l7, int dir,
7862 struct acl_expr *expr, struct acl_test *test)
7863{
7864 struct http_txn *txn = l7;
7865
Willy Tarreaub6866442008-07-14 23:54:42 +02007866 if (!txn)
7867 return 0;
7868
Willy Tarreau655dce92009-11-08 13:10:58 +01007869 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007870 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007871
Willy Tarreauc11416f2007-06-17 16:58:38 +02007872 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7873 /* ensure the indexes are not affected */
7874 return 0;
7875
7876 return acl_fetch_hdr(px, l4, txn, txn->req.sol, expr, test);
7877}
7878
7879static int
7880acl_fetch_shdr(struct proxy *px, struct session *l4, void *l7, int dir,
7881 struct acl_expr *expr, struct acl_test *test)
7882{
7883 struct http_txn *txn = l7;
7884
Willy Tarreaub6866442008-07-14 23:54:42 +02007885 if (!txn)
7886 return 0;
7887
Willy Tarreau655dce92009-11-08 13:10:58 +01007888 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007889 return 0;
7890
7891 return acl_fetch_hdr(px, l4, txn, txn->rsp.sol, expr, test);
7892}
7893
7894/* 6. Check on HTTP header count. The number of occurrences is returned.
7895 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
7896 */
7897static int
7898acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02007899 struct acl_expr *expr, struct acl_test *test)
7900{
7901 struct http_txn *txn = l7;
7902 struct hdr_idx *idx = &txn->hdr_idx;
7903 struct hdr_ctx ctx;
Willy Tarreau33a7e692007-06-10 19:45:56 +02007904 int cnt;
Willy Tarreau8797c062007-05-07 00:55:35 +02007905
Willy Tarreaub6866442008-07-14 23:54:42 +02007906 if (!txn)
7907 return 0;
7908
Willy Tarreau33a7e692007-06-10 19:45:56 +02007909 ctx.idx = 0;
7910 cnt = 0;
7911 while (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, &ctx))
7912 cnt++;
7913
7914 test->i = cnt;
7915 test->flags = ACL_TEST_F_VOL_HDR;
7916 return 1;
7917}
7918
Willy Tarreauc11416f2007-06-17 16:58:38 +02007919static int
7920acl_fetch_chdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
7921 struct acl_expr *expr, struct acl_test *test)
7922{
7923 struct http_txn *txn = l7;
7924
Willy Tarreaub6866442008-07-14 23:54:42 +02007925 if (!txn)
7926 return 0;
7927
Willy Tarreau655dce92009-11-08 13:10:58 +01007928 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007929 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007930
Willy Tarreauc11416f2007-06-17 16:58:38 +02007931 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7932 /* ensure the indexes are not affected */
7933 return 0;
7934
7935 return acl_fetch_hdr_cnt(px, l4, txn, txn->req.sol, expr, test);
7936}
7937
7938static int
7939acl_fetch_shdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
7940 struct acl_expr *expr, struct acl_test *test)
7941{
7942 struct http_txn *txn = l7;
7943
Willy Tarreaub6866442008-07-14 23:54:42 +02007944 if (!txn)
7945 return 0;
7946
Willy Tarreau655dce92009-11-08 13:10:58 +01007947 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007948 return 0;
7949
7950 return acl_fetch_hdr_cnt(px, l4, txn, txn->rsp.sol, expr, test);
7951}
7952
Willy Tarreau33a7e692007-06-10 19:45:56 +02007953/* 7. Check on HTTP header's integer value. The integer value is returned.
7954 * FIXME: the type is 'int', it may not be appropriate for everything.
Willy Tarreauc11416f2007-06-17 16:58:38 +02007955 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
Willy Tarreau33a7e692007-06-10 19:45:56 +02007956 */
7957static int
Willy Tarreauc11416f2007-06-17 16:58:38 +02007958acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, char *sol,
Willy Tarreau33a7e692007-06-10 19:45:56 +02007959 struct acl_expr *expr, struct acl_test *test)
7960{
7961 struct http_txn *txn = l7;
7962 struct hdr_idx *idx = &txn->hdr_idx;
7963 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
Willy Tarreau33a7e692007-06-10 19:45:56 +02007964
Willy Tarreaub6866442008-07-14 23:54:42 +02007965 if (!txn)
7966 return 0;
7967
Willy Tarreau33a7e692007-06-10 19:45:56 +02007968 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
7969 /* search for header from the beginning */
7970 ctx->idx = 0;
7971
Willy Tarreau33a7e692007-06-10 19:45:56 +02007972 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
7973 test->flags |= ACL_TEST_F_FETCH_MORE;
7974 test->flags |= ACL_TEST_F_VOL_HDR;
7975 test->i = strl2ic((char *)ctx->line + ctx->val, ctx->vlen);
7976 return 1;
7977 }
7978
7979 test->flags &= ~ACL_TEST_F_FETCH_MORE;
7980 test->flags |= ACL_TEST_F_VOL_HDR;
7981 return 0;
7982}
7983
Willy Tarreauc11416f2007-06-17 16:58:38 +02007984static int
7985acl_fetch_chdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
7986 struct acl_expr *expr, struct acl_test *test)
7987{
7988 struct http_txn *txn = l7;
7989
Willy Tarreaub6866442008-07-14 23:54:42 +02007990 if (!txn)
7991 return 0;
7992
Willy Tarreau655dce92009-11-08 13:10:58 +01007993 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02007994 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02007995
Willy Tarreauc11416f2007-06-17 16:58:38 +02007996 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
7997 /* ensure the indexes are not affected */
7998 return 0;
7999
8000 return acl_fetch_hdr_val(px, l4, txn, txn->req.sol, expr, test);
8001}
8002
8003static int
8004acl_fetch_shdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
8005 struct acl_expr *expr, struct acl_test *test)
8006{
8007 struct http_txn *txn = l7;
8008
Willy Tarreaub6866442008-07-14 23:54:42 +02008009 if (!txn)
8010 return 0;
8011
Willy Tarreau655dce92009-11-08 13:10:58 +01008012 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02008013 return 0;
8014
8015 return acl_fetch_hdr_val(px, l4, txn, txn->rsp.sol, expr, test);
8016}
8017
Willy Tarreau106f9792009-09-19 07:54:16 +02008018/* 7. Check on HTTP header's IPv4 address value. The IPv4 address is returned.
8019 * This generic function is used by both acl_fetch_chdr* and acl_fetch_shdr*.
8020 */
8021static int
8022acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, char *sol,
8023 struct acl_expr *expr, struct acl_test *test)
8024{
8025 struct http_txn *txn = l7;
8026 struct hdr_idx *idx = &txn->hdr_idx;
8027 struct hdr_ctx *ctx = (struct hdr_ctx *)test->ctx.a;
8028
8029 if (!txn)
8030 return 0;
8031
8032 if (!(test->flags & ACL_TEST_F_FETCH_MORE))
8033 /* search for header from the beginning */
8034 ctx->idx = 0;
8035
8036 if (http_find_header2(expr->arg.str, expr->arg_len, sol, idx, ctx)) {
8037 test->flags |= ACL_TEST_F_FETCH_MORE;
8038 test->flags |= ACL_TEST_F_VOL_HDR;
8039 /* Same optimization as url_ip */
Willy Tarreau957c0a52011-03-03 17:42:23 +01008040 memset(&l4->req->cons->addr.s.to.sin_addr, 0, sizeof(l4->req->cons->addr.s.to.sin_addr));
8041 url2ip((char *)ctx->line + ctx->val, &l4->req->cons->addr.s.to.sin_addr);
8042 test->ptr = (void *)&l4->req->cons->addr.s.to.sin_addr;
Willy Tarreau106f9792009-09-19 07:54:16 +02008043 test->i = AF_INET;
8044 return 1;
8045 }
8046
8047 test->flags &= ~ACL_TEST_F_FETCH_MORE;
8048 test->flags |= ACL_TEST_F_VOL_HDR;
8049 return 0;
8050}
8051
8052static int
8053acl_fetch_chdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
8054 struct acl_expr *expr, struct acl_test *test)
8055{
8056 struct http_txn *txn = l7;
8057
8058 if (!txn)
8059 return 0;
8060
Willy Tarreau655dce92009-11-08 13:10:58 +01008061 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreau106f9792009-09-19 07:54:16 +02008062 return 0;
8063
8064 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
8065 /* ensure the indexes are not affected */
8066 return 0;
8067
8068 return acl_fetch_hdr_ip(px, l4, txn, txn->req.sol, expr, test);
8069}
8070
8071static int
8072acl_fetch_shdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
8073 struct acl_expr *expr, struct acl_test *test)
8074{
8075 struct http_txn *txn = l7;
8076
8077 if (!txn)
8078 return 0;
8079
Willy Tarreau655dce92009-11-08 13:10:58 +01008080 if (txn->rsp.msg_state < HTTP_MSG_BODY)
Willy Tarreau106f9792009-09-19 07:54:16 +02008081 return 0;
8082
8083 return acl_fetch_hdr_ip(px, l4, txn, txn->rsp.sol, expr, test);
8084}
8085
Willy Tarreau737b0c12007-06-10 21:28:46 +02008086/* 8. Check on URI PATH. A pointer to the PATH is stored. The path starts at
8087 * the first '/' after the possible hostname, and ends before the possible '?'.
8088 */
8089static int
8090acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
8091 struct acl_expr *expr, struct acl_test *test)
8092{
8093 struct http_txn *txn = l7;
8094 char *ptr, *end;
Willy Tarreau33a7e692007-06-10 19:45:56 +02008095
Willy Tarreaub6866442008-07-14 23:54:42 +02008096 if (!txn)
8097 return 0;
8098
Willy Tarreau655dce92009-11-08 13:10:58 +01008099 if (txn->req.msg_state < HTTP_MSG_BODY)
Willy Tarreauc11416f2007-06-17 16:58:38 +02008100 return 0;
Willy Tarreaub6866442008-07-14 23:54:42 +02008101
Willy Tarreauc11416f2007-06-17 16:58:38 +02008102 if (txn->rsp.msg_state != HTTP_MSG_RPBEFORE)
8103 /* ensure the indexes are not affected */
8104 return 0;
8105
Willy Tarreau962c3f42010-01-10 00:15:35 +01008106 end = txn->req.sol + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
Willy Tarreau21d2af32008-02-14 20:25:24 +01008107 ptr = http_get_path(txn);
8108 if (!ptr)
Willy Tarreau737b0c12007-06-10 21:28:46 +02008109 return 0;
8110
8111 /* OK, we got the '/' ! */
8112 test->ptr = ptr;
8113
8114 while (ptr < end && *ptr != '?')
8115 ptr++;
8116
8117 test->len = ptr - test->ptr;
8118
8119 /* we do not need to set READ_ONLY because the data is in a buffer */
8120 test->flags = ACL_TEST_F_VOL_1ST;
8121 return 1;
8122}
8123
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008124static int
8125acl_fetch_proto_http(struct proxy *px, struct session *s, void *l7, int dir,
8126 struct acl_expr *expr, struct acl_test *test)
8127{
8128 struct buffer *req = s->req;
8129 struct http_txn *txn = &s->txn;
8130 struct http_msg *msg = &txn->req;
Willy Tarreau737b0c12007-06-10 21:28:46 +02008131
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008132 /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
8133 * as a layer7 ACL, which involves automatic allocation of hdr_idx.
8134 */
8135
8136 if (!s || !req)
8137 return 0;
8138
Willy Tarreau655dce92009-11-08 13:10:58 +01008139 if (unlikely(msg->msg_state >= HTTP_MSG_BODY)) {
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008140 /* Already decoded as OK */
8141 test->flags |= ACL_TEST_F_SET_RES_PASS;
8142 return 1;
8143 }
8144
8145 /* Try to decode HTTP request */
8146 if (likely(req->lr < req->r))
8147 http_msg_analyzer(req, msg, &txn->hdr_idx);
8148
Willy Tarreau655dce92009-11-08 13:10:58 +01008149 if (unlikely(msg->msg_state < HTTP_MSG_BODY)) {
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008150 if ((msg->msg_state == HTTP_MSG_ERROR) || (req->flags & BF_FULL)) {
8151 test->flags |= ACL_TEST_F_SET_RES_FAIL;
8152 return 1;
8153 }
8154 /* wait for final state */
8155 test->flags |= ACL_TEST_F_MAY_CHANGE;
8156 return 0;
8157 }
8158
8159 /* OK we got a valid HTTP request. We have some minor preparation to
8160 * perform so that further checks can rely on HTTP tests.
8161 */
Willy Tarreau962c3f42010-01-10 00:15:35 +01008162 txn->meth = find_http_meth(msg->sol, msg->sl.rq.m_l);
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008163 if (txn->meth == HTTP_METH_GET || txn->meth == HTTP_METH_HEAD)
8164 s->flags |= SN_REDIRECTABLE;
8165
8166 if (unlikely(msg->sl.rq.v_l == 0) && !http_upgrade_v09_to_v10(req, msg, txn)) {
8167 test->flags |= ACL_TEST_F_SET_RES_FAIL;
8168 return 1;
8169 }
8170
8171 test->flags |= ACL_TEST_F_SET_RES_PASS;
8172 return 1;
8173}
8174
Willy Tarreau7f18e522010-10-22 20:04:13 +02008175/* return a valid test if the current request is the first one on the connection */
8176static int
8177acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir,
8178 struct acl_expr *expr, struct acl_test *test)
8179{
8180 if (!s)
8181 return 0;
8182
8183 if (s->txn.flags & TX_NOT_FIRST)
8184 test->flags |= ACL_TEST_F_SET_RES_FAIL;
8185 else
8186 test->flags |= ACL_TEST_F_SET_RES_PASS;
8187
8188 return 1;
8189}
8190
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008191static int
8192acl_fetch_http_auth(struct proxy *px, struct session *s, void *l7, int dir,
8193 struct acl_expr *expr, struct acl_test *test)
8194{
8195
8196 if (!s)
8197 return 0;
8198
8199 if (!get_http_auth(s))
8200 return 0;
8201
8202 test->ctx.a[0] = expr->arg.ul;
8203 test->ctx.a[1] = s->txn.auth.user;
8204 test->ctx.a[2] = s->txn.auth.pass;
8205
8206 test->flags |= ACL_TEST_F_READ_ONLY | ACL_TEST_F_NULL_MATCH;
8207
8208 return 1;
8209}
Willy Tarreau8797c062007-05-07 00:55:35 +02008210
8211/************************************************************************/
8212/* All supported keywords must be declared here. */
8213/************************************************************************/
8214
8215/* Note: must not be declared <const> as its list will be overwritten */
8216static struct acl_kw_list acl_kws = {{ },{
Willy Tarreau2492d5b2009-07-11 00:06:00 +02008217 { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT },
8218
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008219 { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
Willy Tarreauc4262962010-05-10 23:42:40 +02008220 { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
8221 { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008222 { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02008223
Willy Tarreauc4262962010-05-10 23:42:40 +02008224 { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008225 { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
8226 { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
8227 { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
8228 { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
8229 { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
8230 { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
Willy Tarreaub337b532010-05-13 20:03:41 +02008231 { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008232 { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau8797c062007-05-07 00:55:35 +02008233
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008234 /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
Willy Tarreauc4262962010-05-10 23:42:40 +02008235 { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008236 { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
8237 { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
8238 { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
8239 { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
8240 { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
8241 { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
8242 { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
8243 { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
Willy Tarreaub337b532010-05-13 20:03:41 +02008244 { "hdr_ip", acl_parse_ip, acl_fetch_chdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreauc11416f2007-06-17 16:58:38 +02008245
Willy Tarreauc4262962010-05-10 23:42:40 +02008246 { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008247 { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
8248 { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
8249 { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
8250 { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
8251 { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
8252 { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
8253 { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
8254 { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
Willy Tarreaub337b532010-05-13 20:03:41 +02008255 { "shdr_ip", acl_parse_ip, acl_fetch_shdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau737b0c12007-06-10 21:28:46 +02008256
Willy Tarreauc4262962010-05-10 23:42:40 +02008257 { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP },
Willy Tarreau0ceba5a2008-07-25 19:31:03 +02008258 { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
8259 { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
8260 { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
8261 { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
8262 { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
8263 { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
Willy Tarreau737b0c12007-06-10 21:28:46 +02008264
Willy Tarreauf3d25982007-05-08 22:45:09 +02008265#if 0
Willy Tarreau8797c062007-05-07 00:55:35 +02008266 { "line", acl_parse_str, acl_fetch_line, acl_match_str },
8267 { "line_reg", acl_parse_reg, acl_fetch_line, acl_match_reg },
8268 { "line_beg", acl_parse_str, acl_fetch_line, acl_match_beg },
8269 { "line_end", acl_parse_str, acl_fetch_line, acl_match_end },
8270 { "line_sub", acl_parse_str, acl_fetch_line, acl_match_sub },
8271 { "line_dir", acl_parse_str, acl_fetch_line, acl_match_dir },
8272 { "line_dom", acl_parse_str, acl_fetch_line, acl_match_dom },
8273
Willy Tarreau8797c062007-05-07 00:55:35 +02008274 { "cook", acl_parse_str, acl_fetch_cook, acl_match_str },
8275 { "cook_reg", acl_parse_reg, acl_fetch_cook, acl_match_reg },
8276 { "cook_beg", acl_parse_str, acl_fetch_cook, acl_match_beg },
8277 { "cook_end", acl_parse_str, acl_fetch_cook, acl_match_end },
8278 { "cook_sub", acl_parse_str, acl_fetch_cook, acl_match_sub },
8279 { "cook_dir", acl_parse_str, acl_fetch_cook, acl_match_dir },
8280 { "cook_dom", acl_parse_str, acl_fetch_cook, acl_match_dom },
8281 { "cook_pst", acl_parse_none, acl_fetch_cook, acl_match_pst },
Krzysztof Piotr Oledzkif9423ae2010-01-29 19:26:18 +01008282#endif
Willy Tarreau8797c062007-05-07 00:55:35 +02008283
Willy Tarreau7f18e522010-10-22 20:04:13 +02008284 { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
8285 { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_PERMANENT },
8286 { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT },
Willy Tarreau8797c062007-05-07 00:55:35 +02008287 { NULL, NULL, NULL, NULL },
Willy Tarreau8797c062007-05-07 00:55:35 +02008288}};
8289
Willy Tarreau4a568972010-05-12 08:08:50 +02008290/************************************************************************/
8291/* The code below is dedicated to pattern fetching and matching */
8292/************************************************************************/
8293
8294/* extract the IP address from the last occurrence of specified header. Note
8295 * that we should normally first extract the string then convert it to IP,
8296 * but right now we have all the functions to do this seemlessly, and we will
8297 * be able to change that later without touching the configuration.
8298 */
8299static int
8300pattern_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
Emeric Brun485479d2010-09-23 18:02:19 +02008301 const struct pattern_arg *arg_p, int arg_i, union pattern_data *data)
Willy Tarreau4a568972010-05-12 08:08:50 +02008302{
8303 struct http_txn *txn = l7;
8304
Emeric Brun485479d2010-09-23 18:02:19 +02008305 data->ip.s_addr = htonl(get_ip_from_hdr2(&txn->req, arg_p->data.str.str, arg_p->data.str.len, &txn->hdr_idx, -1));
Willy Tarreau4a568972010-05-12 08:08:50 +02008306 return data->ip.s_addr != 0;
8307}
8308
David Cournapeau16023ee2010-12-23 20:55:41 +09008309/*
8310 * Given a path string and its length, find the position of beginning of the
8311 * query string. Returns NULL if no query string is found in the path.
8312 *
8313 * Example: if path = "/foo/bar/fubar?yo=mama;ye=daddy", and n = 22:
8314 *
8315 * find_query_string(path, n) points to "yo=mama;ye=daddy" string.
8316 */
8317static inline char *find_query_string(char *path, size_t path_l)
8318{
8319 char *p;
Emeric Brun485479d2010-09-23 18:02:19 +02008320
David Cournapeau16023ee2010-12-23 20:55:41 +09008321 p = memchr(path, '?', path_l);
8322 return p ? p + 1 : NULL;
8323}
8324
8325static inline int is_param_delimiter(char c)
8326{
8327 return c == '&' || c == ';';
8328}
8329
8330/*
8331 * Given a url parameter, find the starting position of the first occurence,
8332 * or NULL if the parameter is not found.
8333 *
8334 * Example: if query_string is "yo=mama;ye=daddy" and url_param_name is "ye",
8335 * the function will return query_string+8.
8336 */
8337static char*
8338find_url_param_pos(char* query_string, size_t query_string_l,
8339 char* url_param_name, size_t url_param_name_l)
8340{
8341 char *pos, *last;
8342
8343 pos = query_string;
8344 last = query_string + query_string_l - url_param_name_l - 1;
8345
8346 while (pos <= last) {
8347 if (pos[url_param_name_l] == '=') {
8348 if (memcmp(pos, url_param_name, url_param_name_l) == 0)
8349 return pos;
8350 pos += url_param_name_l + 1;
8351 }
8352 while (pos <= last && !is_param_delimiter(*pos))
8353 pos++;
8354 pos++;
8355 }
8356 return NULL;
8357}
8358
8359/*
8360 * Given a url parameter name, returns its value and size into *value and
8361 * *value_l respectively, and returns non-zero. If the parameter is not found,
8362 * zero is returned and value/value_l are not touched.
8363 */
8364static int
8365find_url_param_value(char* path, size_t path_l,
8366 char* url_param_name, size_t url_param_name_l,
8367 char** value, size_t* value_l)
8368{
8369 char *query_string, *qs_end;
8370 char *arg_start;
8371 char *value_start, *value_end;
8372
8373 query_string = find_query_string(path, path_l);
8374 if (!query_string)
8375 return 0;
8376
8377 qs_end = path + path_l;
8378 arg_start = find_url_param_pos(query_string, qs_end - query_string,
8379 url_param_name, url_param_name_l);
8380 if (!arg_start)
8381 return 0;
8382
8383 value_start = arg_start + url_param_name_l + 1;
8384 value_end = value_start;
8385
8386 while ((value_end < qs_end) && !is_param_delimiter(*value_end))
8387 value_end++;
8388
8389 *value = value_start;
8390 *value_l = value_end - value_start;
Willy Tarreau00134332011-01-04 14:57:34 +01008391 return value_end != value_start;
David Cournapeau16023ee2010-12-23 20:55:41 +09008392}
8393
8394static int
8395pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, int dir,
8396 const struct pattern_arg *arg_p, int arg_i, union pattern_data *data)
8397{
8398 struct http_txn *txn = l7;
8399 struct http_msg *msg = &txn->req;
8400 char *url_param_value;
8401 size_t url_param_value_l;
8402
8403 if (!find_url_param_value(msg->sol + msg->sl.rq.u, msg->sl.rq.u_l,
8404 arg_p->data.str.str, arg_p->data.str.len,
8405 &url_param_value, &url_param_value_l))
8406 return 0;
8407
8408 data->str.str = url_param_value;
8409 data->str.len = url_param_value_l;
8410 return 1;
8411}
8412
Emeric Brun485479d2010-09-23 18:02:19 +02008413
Willy Tarreau4a568972010-05-12 08:08:50 +02008414/************************************************************************/
8415/* All supported keywords must be declared here. */
8416/************************************************************************/
8417/* Note: must not be declared <const> as its list will be overwritten */
8418static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
Emeric Brun485479d2010-09-23 18:02:19 +02008419 { "hdr", pattern_fetch_hdr_ip, pattern_arg_str, PATTERN_TYPE_IP, PATTERN_FETCH_REQ },
David Cournapeau16023ee2010-12-23 20:55:41 +09008420 { "url_param", pattern_fetch_url_param, pattern_arg_str, PATTERN_TYPE_STRING, PATTERN_FETCH_REQ },
Emeric Brun485479d2010-09-23 18:02:19 +02008421 { NULL, NULL, NULL, 0, 0 },
Willy Tarreau4a568972010-05-12 08:08:50 +02008422}};
8423
Willy Tarreau8797c062007-05-07 00:55:35 +02008424
8425__attribute__((constructor))
8426static void __http_protocol_init(void)
8427{
8428 acl_register_keywords(&acl_kws);
Willy Tarreau4a568972010-05-12 08:08:50 +02008429 pattern_register_fetches(&pattern_fetch_keywords);
Willy Tarreau8797c062007-05-07 00:55:35 +02008430}
8431
8432
Willy Tarreau58f10d72006-12-04 02:26:12 +01008433/*
Willy Tarreaubaaee002006-06-26 02:48:02 +02008434 * Local variables:
8435 * c-indent-level: 8
8436 * c-basic-offset: 8
8437 * End:
8438 */